What is it about?
Advanced Persistent Threats (APTs) represent one of the most sophisticated forms of cyber attacks. Unlike traditional hacking, APTs are long-term, highly targeted, and covert. They are typically sponsored by nation-states or well-resourced groups pursuing political, military, or economic goals. Given the high severity of these attacks, a substantial body of technical reports about them exists on the web. While existing works on APTs focus on areas such as detection or classification, only a limited number of studies have examined them from a longitudinal perspective. In this study, we collected and analyzed ten years of public APT reports, using both rule-based information retrieval and large-language-model–based methods to map long-term trends. Our goal was to piece together the evolution of these campaigns, the tactics and vulnerabilities they relied on, the common traits of APTs, and the external dynamics influencing or motivating these operations.
Why is it important?
Even though many organizations publish technical reports about individual APT campaigns, most academic research has focused on narrow aspects of these attacks rather than the larger picture. However, when APT activity is examined over an extended period of time, broader patterns and relationships become visible. This research helps reveal those long-term patterns by analyzing a decade of APT operations. Our analysis can assist in identifying broader trends and patterns, offering valuable insights into the evolution of APT targets, malware samples, and sophisticated attack techniques. To support future work in this area, we also publicly released our curated dataset.
Perspectives
What I find most interesting about this work is that it reveals long-term patterns in APT activity, even though these attacks are designed to remain hidden. We observe recurring findings such as the most common APT targets, key threat actors, and the tactics they use. We also analyze attack duration and identify cases where a country appears as both an attacker and a victim, and even cases of self-directed attacks. Finally, we examine how external factors may influence APT operations. To facilitate the exploration of APT campaign data by the general public, we designed an interactive map and a flow diagram that visualize our findings. With this work, I hope to increase awareness of these covert cyberattacks and encourage future research in this area.
Shakhzod Yuldoshkhujaev
Sungkyunkwan University
Read the Original
This page is a summary of: A Decade-long Landscape of Advanced Persistent Threats: Longitudinal Analysis and Global Trends, November 2025, ACM (Association for Computing Machinery),
DOI: 10.1145/3719027.3765085.