An unknown leaker is publishing hacking tools used by the APT34 attack group that has been linked to Iranian intelligence.
A recent intrusion at Norwegian MSP Visma that researchers attribute to APT10 demonstrates the changing tactics of some advanced attack groups.
Two Russian-speaking APT teams recently have been seen using shared code and targeting the same organizations.
Creating static profiles of APT groups has limited value as tactics and tools shift constantly. So some researchers are advocating a move to dynamic profiles of adversaries.