From November 21, 2022 to December 4, 2022, NSFOCUS Security Labs found traces of activity from 60 APT groups, 2 malware families (Mozi ransomware and Banload Trojan horse), and 510 threat actors targeting critical infrastructure.
APT Groups
Among the 60 discovered APT groups, Outlaw affected the largest number of hosts from November 21 to December 4, 2022.
Number of hosts affected by APT groups from November 21, 2022 through December 4, 2022
Industries affected by APT groups from November 21, 2022 through December 4, 2022
Threat Actors Targeting Critical Infrastructure
A total of 510 threat actors targeting critical infrastructure remained active from November 21, 2022 through December 4, 2022.
Distribution of activities by activity type from November 21, 2022
Number of threat actors by target industry from November 21, 2022 through December 4, 2022
Knowledge Graphs of Highlighted APT Groups
Outlaw
First Discovery Time: 2020-07-03 06:36:58
Description: The Outlaw botnet uses brute force and SSH to achieve remote access to target systems, and spreads Perl-based Shellbots and Monero miners.
Diamond model of the APT group Outlaw
APT28
First Discovery Time: 2020-11-13 07:38:40
Description: APT28 is a well-known cyber espionage group. Some researchers believe this organization belongs to the GRU of the Russian Federation. APT28 is also known as Sofacy Group and STRONTIUM, and its main targets are aviation, national defense, government agencies and international organizations.
Geolocation of Threat Actor: Russia
Diamond model of the group APT28
SideWinder
First Discovery Time: 2020-02-12 03:10:54
Description: An actor mainly targeting Pakistani military targets, active since at least 2012.
Geolocation of Threat Actor: India
Diamond model of the APT group SideWinder