With the advancement of defensive security and the constant release of research papers into their toolsets, advanced threat actors have had to adapt with new operational security practices, as well as with new technology.
With the advancement of defensive security and the constant release of research papers into their toolsets, advanced threat actors have has to adapt with new operational security practices, as well as with new technology.
Examples of this are how long it takes for a threat actor to take its operation offline once a public report of it's tools is getting released, or the technology it may be using to cope when its expensive code base that has taken years of development suddenly becomes public property.
Two quick examples are the geographical distribution of attacks, which are often (mis)used in attribution, and the use of cryptography for reuse of now public code bases.