From December 19, 2022 to January 1, 2023, NSFOCUS Security Labs observed activity traces of 61 APT groups, 3 malware families (the Zbot botnet, the SpicyHotPot Trojan, and the Banload Trojan), and 490 threat actors targeting critical infrastructure.
APT Groups
Among the 61 APT groups discovered, APT28 affected the largest number of hosts from December 19, 2022 through January 1, 2023.
Number of hosts affected by APT groups from December 19, 2022 through Jan 1, 2023
Industries affected by APT groups from December 19, 2022 through Jan 1, 2023
Threat Actors Targeting Critical Infrastructure
A total of 490 threat actors targeting critical infrastructure remained active in this period.
Distribution of activities by activity type from December 19, 2022 through Jan 1, 2023
Number of threat actors by target industry from December 19, 2022 through Jan 1, 2023
Knowledge Graphs of Highlighted APT Groups
APT28
First Discovery Time: 2020-11-13 07:38:40
Description: APT28 is a well-known cyber espionage group. Some researchers assess that it belongs to the GRU of the Russian Federation. APT28 is also known as Sofacy Group and STRONTIUM, and its main targets are aviation, national defense, government agencies and international organizations.
Geolocation of Threat Actor: Russia
Diamond model of APT28
NoName057 (16)
First Discovery Time: 2022-09-16 07:49:06
Description: NoName057 (16) is a pro-Russian hacker group that carries out DDoS attacks on the websites of Ukrainian government agencies, news agencies, the military, suppliers, telecommunications companies, transport authorities, financial institutions and other organizations, as well as on neighboring countries that support Ukraine (such as Estonia, Lithuania, and Norway). The group showcases its attacks on a Telegram channel with more than 14,000 subscribers. It was exposed in the media in early August 2022 after successfully attacking the websites of the Finnish and Polish parliaments.
Geolocation of Threat Actor: Russia
Diamond model of APT Group NoName057 (16)
MK-CC-21
First Discovery Time: 2022-05-19 11:49:38
Description: MK-CC-21 is an APT group based in the United States. The group uses Cobalt Strike as its attack tool.
Geolocation of Threat Actor: United States of America (USA)
Diamond model of APT Group MK-CC-21
About NSFOCUS Security Labs
NSFOCUS Security Labs (NSL) is an internationally-recognized cybersecurity research and threat response center at the forefront of vulnerability assessment, threat hunting and mitigation research.