New Study Unveils Decade of Advanced Persistent Threats Targeting 154 Countries


Advanced Persistent Threats (APTs) impacted 154 countries over the past decade, with the United States, India, and South Korea among the most frequently targeted, a new study reveals. Presented at ACM CCS 2025 and awarded the Distinguished Paper honor, the research sheds light on the evolution of APT campaigns, their tactics, and patterns, drawing from a decade of Cyber Threat Intelligence (CTI) data.

APTs: A Decade of Global Cyber Threats

Photo by Mikhail Nilov

According to the study, APTs are among the most sophisticated forms of cyberattacks, backed by well-resourced entities such as nation-states. The analysis includes data from technical reports, documented threat actors, and security news articles between 2014 and 2023. Researchers observed that a disproportionate share of attacks stem from a handful of groups, including Lazarus, APT28, and APT29.

The data highlights evolving attack methods. Zero-day vulnerabilities peaked between 2014 and 2016, but attackers have increasingly leveraged one-day (known but unpatched) vulnerabilities. Common vectors include spear-phishing, malicious documents, and vulnerability exploitation. Remote code execution remains the dominant tactic, with Windows platforms as the primary target. Attack campaigns lasted an average of 137 days, with patching delays averaging 200 days.

Geopolitics and APT Motivations

Photo by Tima Miroshnichenko

The timing and targets of APT operations often coincide with global events, underscoring their geopolitical underpinnings. Russian groups such as APT28 (also tracked as Fancy Bear) have targeted elections in the US and France, while global pandemics prompted surges in attacks on healthcare and research institutions by groups like APT41 and Lazarus. Economic motives were also evident, with financially driven groups targeting banking and cryptocurrency platforms.


Geopolitical asymmetry was another key finding. For instance, data shows that China targeted the US 31 times more frequently than the reverse. Additionally, some nations conducted domestic surveillance, often focusing on political dissent or corporate espionage.

Future Outlook and Industry Implications

Photo by Miguel Á. Padriñán

APTs continue to represent a major challenge for governments, corporations, and security researchers. Industry analysts emphasize the need for robust patch management, international cybersecurity collaboration, and better information sharing. However, the study also highlighted reluctance to disclose malware detection rules, citing confidentiality and evasion risks as primary barriers.

As cyberattacks increasingly align with international conflicts and global disruptions, businesses and governments must expect APTs to remain a persistent threat. This study provides valuable insights, but it also underscores the ongoing difficulties in mitigating the long-term impacts of such campaigns.

How can the telecom and IT industries better prepare for the evolving threat landscape of APTs? Share your thoughts in the comments.
