An Advanced Persistent Threat (APT) is not an individual. These groups are mostly organizations or countries (driven by an agenda or political reasons) with teams of experts. They are not ordinary experts; they are trained professionals with the potential to break into any system and move laterally in a LAN without being caught for years.
Even your antivirus cannot detect this movement, because they do not create
Key components of an APT are moving laterally, being persistent, creating a command-and-control (CnC) channel, getting a payload with just a DNS request, and more. Every APT attack recorded so far has had its own unique way of propagating through a network, and they rely heavily on open ports, unprotected network zones, vulnerable applications, network shares, etc. Once they break in, they do whatever they intend to do.