What differentiates an APT from other Malware? An APT is define by the threat group attacking. There are no other factors in categorizing something as an APT. Any group with the ability to run large scale attacks on the Internet is an APT, An APT uses a broad spectrum of open source intelligence to target organizations. An APT is never a nation state or military. The designation is solely based on the complexity, novelty, and technical skill of the malware or attacker, An APT use a wide spectrum of intelligence and attack functionality, is incredibly well funded, they have a specific task such as a mission that includes remaining in systems, they are often nation-states or have funding and operations on par with many militaries, or An APT and Malware are functionally the same?