Bread Crumbs of Threat Actors (Nov 21, 2022 – Dec 4, 2022)

December 22, 2022 | Adeline Zhang

From November 21, 2022 to December 4, 2022, NSFOCUS Security Labs found activity traces of 60 APT groups, 2 malware families (Mozi ransomware and the Banload Trojan horse), and 510 threat actors targeting critical infrastructure.

APT Groups

Among the 60 discovered APT groups, the APT group Outlaw affected the largest number of hosts from November 21 to December 4, 2022.

Number of hosts affected by APT groups from November 21, 2022 through December 4, 2022

Industries affected by APT groups from November 21, 2022 through December 4, 2022

Threat Actors Targeting Critical Infrastructure

A total of 510 threat actors targeting critical infrastructure remained active from November 21, 2022 through December 4, 2022.

Distribution of activities by activity type from November 21, 2022

Number of threat actors by target industry from November 21, 2022 through December 4, 2022

Knowledge Graphs of Highlighted APT Groups

Outlaw

First Discovery Time: 2020-07-03 06:36:58

Description: The Outlaw botnet brute-forces SSH credentials to gain remote access to target systems, then spreads Perl-based shellbots and Monero miners.

Diamond model of the APT group Outlaw

APT28

First Discovery Time: 2020-11-13 07:38:40

Description: APT28 is a well-known cyber espionage group. Some researchers attribute it to the GRU of the Russian Federation. APT28 is also known as Sofacy Group and STRONTIUM, and its main targets are aviation, national defense, government agencies and international organizations.

Geolocation of Threat Actor: Russia

Diamond model of the group APT28

SideWinder

First Discovery Time: 2020-02-12 03:10:54

Description: An actor mainly targeting Pakistani military entities, active since at least 2012.

Geolocation of Threat Actor: India

Diamond model of the APT group SideWinder