Download our Annual Cyber Threat Intelligence Report for a complete view of the current cyber threat landscape.
In this whitepaper, our Cyber Threat Intelligence (CTI) team share their key findings from 2023 and so far in 2024, including their ongoing research into top cyber criminal groups, state-affiliated threat actors, and their associated malicious infrastructure.
With our CTI team identifying over 36,000 unique IP addresses related to criminal and nation-state threat actor activity, over 195 threat groups, and analytics designed to identify and track malicious command and control infrastructure, this webinar provides unprecedented insight into the top cyber threats facing organisations over the past twelve months.
Politically Motivated Nation-State Attacks Remain a Key Threat
Russian, Chinese, Iranian and North Korean-affiliated threat actors still account for the majority of nation-state attacks worldwide, with increased efforts from all side being driven by the Russia-Ukraine and Israel-Palestine conflicts. Our team also made several observations relating to the passing of the Bipartisan Bicameral Bill and Chinese-directed cyber operations targeting Taiwan and the US.
Increased Hacktivism in Response to Geopolitical Events
As the Russian invasion of Ukraine continued throughout 2023, so did the accompanying hacktivist activity on both sides of the conflict. One of the more prominent pro-Russian groups, NoName057(16) (commonly known as NoName) continued its campaign of targeting countries that have imposed sanctions on Russia, NATO member states, or countries providing diplomatic, financial and military support to Ukraine.
SEO Poisoning
SEO poisoning - a type of attack where cyber criminals create malicious websites and use SEO techniques to rank their pages on Google - continued to be an effective initial infection mechanism in 2023. Coupled with the exploitation of new Microsoft technologies, various threat actors were able to infect victims that culminated in ransomware incidents involving Clop and Black Basta.
A New Ransomware-as-a-Service (RaaS) Player
In 2023, we collaborated with Group-IB and Michael Koczwara to uncover a new RaaS affiliate known as ShadowSyndicate; who remains highly active in global ransomware attacks. Based on their activity in 2023, they were observed working with ALPHV, Clop and Nokoyawa ransomware groups and were seen using a range of post-exploitation tools such as Cobalt Strike and Sliver.
Ransomware Groups Continue to Exploit Vulnerabilities in MFTs and VPNs
There were several major vulnerabilities exploited by ransomware groups during 2023, notably in file sharing platforms and VPN products. Managed File Transfer (MFT) vulnerabilities were quickly exploited by ransomware groups such as Clop, who later went on to exploit MoveIt, PaperCut and SysAid.