Advanced Persistent Threat (APT) attacks, with their “low-and-slow” attack patterns and frequent use of zero-day exploits, are difficult for traditional detection methods to detect effectively. APT has become one of the most serious threats to cyberspace security. Attribution is a desirable capability for countering a variety of attackers: discovering the source and identity of the attacker through attribution and responding appropriately can help prevent future attacks. This paper begins by reviewing the development of APT attack attribution, which we define as identifying the attacker (individual name, organization name, or alias), location (geographic location or Internet Protocol address), or attack process. Next, we summarise the existing attribution models into four categories (Hierarchical Attribution Model, Diamond Model, Q Model, Enterprise Commercial Model). The evolutionary process of APT attribution techniques is then summarised and analysed. Finally, future research directions for APT attribution are explored.