Key Takeaways
- APT group Lazarus responsible for 30% of crypto heists 2023.
- APT28 (Fancy Bear) attributed to GRU with 50+ campaigns since 2004.
- China-linked APT41 conducted 100+ intrusions 2023 per Mandiant.
- Average cost of APT breach $4.45M IBM X-Force 2023.
- APTs caused 25% of $8T global cybercrime cost 2023.
- Data theft in 60% APTs valued at $10M avg Verizon.
- In 2023, APT attacks increased by 42% compared to 2022, according to the CrowdStrike Global Threat Report.
- There were 142 distinct APT groups tracked in 2023 by Mandiant.
- 71% of organizations experienced an APT intrusion in the past year per Verizon DBIR 2023.
- 80% of APTs targeted government sectors per Mandiant 2023.
- Financial services hit by 25% of APTs in 2023 Verizon DBIR.
- Healthcare saw 30 APT intrusions per CrowdStrike 2023.
- Log4Shell exploited in 60% APTs targeting Java apps.
- 85% APTs used phishing initial access 2023 Mandiant.
- Living off the land techniques in 70% APTs Verizon.
APT activity surged in 2023, with data theft and ransomware driving multi million dollar losses.
Related reading
01 · Category
Attribution27 stats
Attribution Interpretation
02 · Category
Impacts29 stats
Impacts Interpretation
03 · Category
Prevalence30 stats
Prevalence Interpretation
More related reading
04 · Category
Targets26 stats
Targets Interpretation
05 · Category
Techniques26 stats
Techniques Interpretation
Cite This Report
This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.
Timothy Grant. (2026, February 13). Advanced Persistent Threat Statistics. Gitnux. https://gitnux.org/advanced-persistent-threat-statistics
Timothy Grant. "Advanced Persistent Threat Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/advanced-persistent-threat-statistics.
Timothy Grant. 2026. "Advanced Persistent Threat Statistics." Gitnux. https://gitnux.org/advanced-persistent-threat-statistics.
Sources & references
45 datasets cited across this report · attribution is report-level

