"Advanced" seems to refer to those that are on cutting edge with new/zero-day or created exploits, as opposed to just a persistent threat using existing exploits or botnets.
I'd be curious to know what kind of non-state APT groups in "The West" are at least tacitly approved, or 'sub-contracted'. The equivalent of say crime groups in Russia.
Equation group was the one I was trying to remember thnx (didnt know unit 8200, just seen them in an old homey trap a while ago trying SQL injections from some Israeli government IP addresses)
Those are not really apt designations except the equation group. The sanctioned ngo cyber actors are groups like finfisher, nso, the greek one that was just sanctioned, the remnants of Hacking Team. Alongside DIB companies like Raytheon, LockMart, etc. it's all rather aboveboard.
For actual apt designations, you would be hard pressed. You kind of need to find actual unattributed instruction sets. Like Regin or Flame, which is not a group so much as the name for an attack.
However, generally speaking The Lamberts (BlackLambert, WhiteLambert, etc) are allegedly the CIA, EquationGroup allegedly NSA, ProjectSauron is allegedly Western. DarkHotel is allegedly South Korean. Mainly these are Kaspersky designations. As the West doesn't really track the various intrusions, and the Chinese public-facing info is either deliberately wrong, or so old it's useless.
The headline would be a bit more accurate with: 'In response to US Cyber threats, and in retaliation for numerous data breaches incurred in the last 3 yeas, Iranian cyber-spies target...'
Seems the news agencies like to conveniently forget that part of the story.
Anyway, C2 means Command and Control, and APT stands for Advanced Persistent Threat, for those wondering.