Hacker News

When I hear "sophisticated" in the context of a breach, I think "we weren't paying attention"


There are absolutely differing levels of sophistication in cyber attacks. The presence of new exploits, clever persistence mechanisms, evidence of a staged attack involving multiple targets (i.e. attacking a company through a compromised vendor, using a certificate from a prior breach), ability to break out of security boundaries like hypervisors, custom malware, jumping of air gaps, handling of multi-factor authentication, clever use and depth of reconnaissance, ability to change tactics in response to detection, specialization across multiple security contexts, highly scoped and pre-planned operations; these are some things that suggest higher levels of sophistication.

Unfortunately the term is thrown around pretty loosely, limiting the usefulness of the term.


Yep, exactly.

Stuxnet was sophisticated.

The Sony hack likely wasn't. Though it was done by a persistent and patient group of attackers.



