Since 2007, advanced persistent threat (APT) attacks have been discovered continually. For example, the GhostNet attack of 2009 specifically stole confidential information from embassies, foreign ministries and other government bodies, as well as from banks; within two years it had penetrated 1295 computers belonging to governments and important persons in at least 103 countries. In June 2010, Stuxnet was first discovered; it is the first known worm to target critical industrial infrastructure. It infected and damaged Iran's Natanz nuclear facility and ultimately delayed the start-up of Iran's Bushehr nuclear power plant. The Duqu virus, discovered in September 2011, was used to gather intelligence from manufacturers of industrial control systems; so far, six organizations in eight countries, including France, the Netherlands, Switzerland and India, have been found to be infected by it. In recent years, APT attacks have become a form of attack that causes significant losses and impact to states, society, businesses, organizations and individuals. This article first introduces the definition of an APT attack, then describes the technical characteristics of APT attacks, and finally introduces the latest forms of attack against smartphones used in APT attacks, in order to raise people's awareness of how to guard against such attacks.