Saved in:
Bibliographic Details
Main Authors: Yuldoshkhujaev, Shakhzod, Jeon, Mijin, Kim, Doowon, Nikiforakis, Nick, Koo, Hyungjoon
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2509.07457
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917185345028096
author Yuldoshkhujaev, Shakhzod
Jeon, Mijin
Kim, Doowon
Nikiforakis, Nick
Koo, Hyungjoon
author_facet Yuldoshkhujaev, Shakhzod
Jeon, Mijin
Kim, Doowon
Nikiforakis, Nick
Koo, Hyungjoon
contents An advanced persistent threat (APT) refers to a covert, long-term cyberattack, typically conducted by state-sponsored actors, targeting critical sectors and often remaining undetected for long periods. In response, collective intelligence from around the globe collaborates to identify and trace surreptitious activities, generating substantial documentation on APT campaigns publicly available on the web. While prior works predominantly focus on specific aspects of APT cases, such as detection, evaluation, cyber threat intelligence, and dataset creation, limited attention has been devoted to revisiting and investigating these scattered dossiers in a longitudinal manner. The objective of our study is to fill the gap by offering a macro perspective, connecting key insights and global trends in past APT attacks. We systematically analyze six reliable sources-three focused on technical reports and another three on threat actors-examining 1,509 APT dossiers (24,215 pages) spanning 2014-2023, and identifying 603 unique APT groups worldwide. To efficiently unearth relevant information, we employ a hybrid methodology that combines rule-based information retrieval with large-language-model-based search techniques. Our longitudinal analysis reveals shifts in threat actor activities, global attack vectors, changes in targeted sectors, and relationships between cyberattacks and significant events such as elections or wars, which provide insights into historical patterns in APT evolution. Over the past decade, 154 countries have been affected, primarily using malicious documents and spear phishing as dominant initial infiltration vectors, with a noticeable decline in zero-day exploitation since 2016. Furthermore, we present our findings through interactive visualization tools, such as an APT map or flow diagram, to facilitate intuitive understanding of global patterns and trends in APT activities.
format Preprint
id arxiv_https___arxiv_org_abs_2509_07457
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle A Decade-long Landscape of Advanced Persistent Threats: Longitudinal Analysis and Global Trends
Yuldoshkhujaev, Shakhzod
Jeon, Mijin
Kim, Doowon
Nikiforakis, Nick
Koo, Hyungjoon
Cryptography and Security
An advanced persistent threat (APT) refers to a covert, long-term cyberattack, typically conducted by state-sponsored actors, targeting critical sectors and often remaining undetected for long periods. In response, collective intelligence from around the globe collaborates to identify and trace surreptitious activities, generating substantial documentation on APT campaigns publicly available on the web. While prior works predominantly focus on specific aspects of APT cases, such as detection, evaluation, cyber threat intelligence, and dataset creation, limited attention has been devoted to revisiting and investigating these scattered dossiers in a longitudinal manner. The objective of our study is to fill the gap by offering a macro perspective, connecting key insights and global trends in past APT attacks. We systematically analyze six reliable sources-three focused on technical reports and another three on threat actors-examining 1,509 APT dossiers (24,215 pages) spanning 2014-2023, and identifying 603 unique APT groups worldwide. To efficiently unearth relevant information, we employ a hybrid methodology that combines rule-based information retrieval with large-language-model-based search techniques. Our longitudinal analysis reveals shifts in threat actor activities, global attack vectors, changes in targeted sectors, and relationships between cyberattacks and significant events such as elections or wars, which provide insights into historical patterns in APT evolution. Over the past decade, 154 countries have been affected, primarily using malicious documents and spear phishing as dominant initial infiltration vectors, with a noticeable decline in zero-day exploitation since 2016. Furthermore, we present our findings through interactive visualization tools, such as an APT map or flow diagram, to facilitate intuitive understanding of global patterns and trends in APT activities.
title A Decade-long Landscape of Advanced Persistent Threats: Longitudinal Analysis and Global Trends
topic Cryptography and Security
url https://arxiv.org/abs/2509.07457