While new tools are needed to combat ever changing security threats, it is helpful to examine the history of the APT, because it is possible to derive many important lessons for defending against them in the future.
Stuxnet was designed to spread initially through an infected USB drive and then use other exploits to infect or update other computers. It was controlled through two websites in Denmark and Malaysia. The malware contained four different zero-day exploits, a considerable investment for a single attack because such exploits can be sold for hundreds of thousands of dollars.
The size and sophistication of the code indicated that the development cost would have been substantial, requiring on the order of a dozen or more man-years. Further derivatives of Stuxnet, called Duqu and Flame, were discovered over the next two years, suggesting that these attacks were part of an ongoing development program.