An APT is a sophisticated, prolonged attack, typically nation-state or state-sponsored, focused on long-term access for espionage, sabotage, or intellectual property theft. Average dwell time: 200+ days.
APT characteristics: sophisticated TTPs, patient (months/years), persistent (survive detection attempts), targeted (specific victim), well-resourced. APT1, APT28, and APT29 (Cozy Bear) are named groups. Detection requires threat hunting: they evade automated tools.