Penland said that the attacks appear to have been directed at Oak Ridge's business systems. The lab's supercomputers, including the world's most powerful system, the 1.75-petaflop Jaguar, have been unaffected by the attacks and continue to operate normally.
As of this afternoon, the attacks appear to have been contained, she added. "Keeping the Internet down is a precaution to make sure that nothing gets out as we investigate further."
The email and Internet shutdown has forced employees to rely on fax machines and phone calls to communicate with the outside world since last Friday, she said.
APTs of the sort described by Mason are highly targeted, low intensity attacks designed to conduct espionage and to steal information from high-value targets. The attacks, many of which are believed to originate in China, were initially targeted at U.S. Air Force and government networks.
Over the last 18 months or so, a growing number of private companies have reported being victims of APTs as well. The most notable was Google, which last year accused China of launch APT attacks against it to steal its IP.
The security vendor RSA claimed recently that it was the victim of an APT attack after intruders broke into its networks and stole data on its SecurID technology.
Oak Ridge National Laboratory's status as a Department of Energy-funded lab, and the work it is doing especially in the area of supercomputers, makes it a prime target for an APT attack, said Rich Mogull, an analyst with Securosis.
The breach described by Oak Ridge certainly appears to fit into the classic mold of an APT attack in which attackers first try to compromise systems using highly targeted phishing mails and then drop zero-day malware to snoop on and steal data, Mogull said
But until more details are released it is hard to know for sure, other analysts said.
"The term 'Advanced Persistent Threat' is definitely being overhyped and used as an excuse way too often, as in 'Well, it wasn't really our fault it was an Advanced Persistent Threat'," said John Pescatore an analyst at Gartner. "Advanced simply means it got past your defenses and persistent means it took you too long to detect it once it got in."
Pete Lindstrom, an analyst with Spire Security, said the tern APT is often used these days as a face saving measure. "The definition of APT is so sufficiently muddled that anyone can claim APT and be right in some sense and wrong in another," he said. "The proof is in the defenses that could have prevented it -- if they are fundamental security measures then the notion of APT has no meaning."
Sign up for MIS Asia eNewsletters.