An advanced persistent threat (APT) refers to a covert, long-term cyberattack, typically conducted by state-sponsored actors, targeting critical sectors and often remaining undetected for long periods. In response, collective intelligence from around the globe collaborates to identify and trace surreptitious activities, generating substantial documentation on APT campaigns publicly available on the web. While prior works predominantly focus on specific aspects of APT cases, such as detection, evaluation, cyber threat intelligence, and dataset creation, limited attention has been devoted to revisiting and investigating these scattered dossiers in a longitudinal manner. The objective of our study is to fill the gap by offering a macro perspective, connecting key insights and global trends in past APT attacks. We systematically analyze six reliable sources-three focused on technical reports and another three on threat actors-examining 1,509 APT dossiers (24,215 pages) spanning 2014-2023, and identifying 603 unique APT groups worldwide. To efficiently unearth relevant information, we employ a hybrid methodology that combines rule-based information retrieval with large-language-model-based search techniques. Our longitudinal analysis reveals shifts in threat actor activities, global attack vectors, changes in targeted sectors, and relationships between cyberattacks and significant events such as elections or wars, which provide insights into historical patterns in APT evolution. Over the past decade, 154 countries have been affected, primarily using malicious documents and spear phishing as dominant initial infiltration vectors, with a noticeable decline in zero-day exploitation since 2016. Furthermore, we present our findings through interactive visualization tools, such as an APT map or flow diagram, to facilitate intuitive understanding of global patterns and trends in APT activities.

翻译：高级持续性威胁（APT）指由国家支持的行为者实施的隐蔽、长期的网络攻击，主要针对关键领域且通常能长时间不被察觉。为应对此类威胁，全球集体情报协作识别与追踪隐蔽活动，在网络上公开了大量关于APT活动的文档。尽管先前研究主要关注APT案例的特定方面，如检测、评估、网络威胁情报和数据集构建，但对这些分散档案进行纵向回顾与调查的关注有限。本研究旨在填补这一空白，通过提供宏观视角，连接过去APT攻击的关键见解与全球趋势。我们系统分析了六个可靠来源——三个聚焦技术报告，另三个关注威胁行为者——审查了2014年至2023年间的1,509份APT档案（共24,215页），并识别了全球603个独特的APT组织。为高效挖掘相关信息，我们采用结合基于规则的信息检索与基于大语言模型的搜索技术的混合方法。纵向分析揭示了威胁行为者活动的演变、全球攻击向量、目标行业的变化，以及网络攻击与重大事件（如选举或战争）之间的关联，为APT演进的历史模式提供了洞见。过去十年间，154个国家受到影响，主要使用恶意文档和鱼叉式钓鱼作为主导的初始渗透向量，且自2016年以来零日漏洞利用显著减少。此外，我们通过交互式可视化工具（如APT地图或流程图）呈现研究结果，以促进对APT活动全球模式与趋势的直观理解。