2010–2016 — In early 2016 Cylance released an analysis of what they call Operation Dust Storm. That's a series of Advanced Persistent Threats that have been operating since before 2013, when RATs or Remote Access Trojans started to be called APTs. Attacks are known from 2010, starting with spear phishing with Word documents containing zero-day Flash exploits. A variety of vulnerabilities were used to implant a series of malware with different forms and capabilities.
The targets included Japanese critical infrastructure and resources — power, fuel, construction, finance, and transportation industries. So far they haven't been disruptive or destructive, and seem to be focused on long-term reconaissance and espionage.
Also see North Korea