Day said that Symantec had also been tracking APT1 for six years.
"We can see consistency in the codes that were behind it, and the source sites which [the group] were using and where they were hosting from, but does it add any value for us whether it is a government group, a state-sponsored group or a military group? It's not our focal area," he said.
But added that the firm is now working more with government to get this information to them.
"We would always reach out to the ISP to say ‘we think your site is compromised, you should shut it down and here is why', and work with law enforcement and say ‘here is the evidence we've got, you may want to take this further'," he said.
Day gave an example of the Taiwanese government updating some of its military capabilities as evidence that any situation could be seen differently by a number of nations.
"As the Taiwanese government were going out to tender, we could see traffic going back to the US, Taiwan, China and other countries as well, but obviously someone was trying to get in the middle of that bid process," he said.
"You could argue it was a company trying to outbid everyone else or that it was one of the other nations trying to understand what Taiwan's future capabilities were going to be. People can look at it from so many different angles. It was interesting in that they were trying to update their military capability and cyber was used as a sub-part of that process," he added.
The festive period is a potentially rewarding period for cyber criminals
New method will identify subscribers who make duplicates of Amazon's copyrighted content
Q3 DDoS attacks accounted for 56 per cent of all attacks seen so far this year
Attackers could steal names, pictures and even information on the kind of partner a Bumble user was seeking
British companies see Russia as a bigger threat than China