I'm sick and tired of hearing this excuse!
So am I sick and tired of listening to people shouting know it all rubbish.
An attack in this class (non-script-k1dd10t) can be:
1. Undetected for years. The biggest problem is that the entrance date and attack vector are unknown
2. Designed to aggressively seek back up systems and compromise them.
Your first point of call is figuring out a clean cut off line. However without knowing and understanding the APT in full you do not know where to draw that cut-off line. Drawing it at f.e. 5 years back is not really an option. Drawing it at a year back may actually get you back to square one with the infection rampant in the network.