From 13 to 26 February 2023, NSFOCUS Security Labs found activity clues from 66 APT groups, one malware family (CoinMiner), and 426 threat actors targeting critical infrastructure.
APT Groups
Among the 66 APT groups discovered, APT28 affected the largest number of hosts from 13 to 26 February.
Number of hosts affected by APT groups from February 13 to February 26, 2023
Threat Actors Targeting Critical Infrastructure
A total of 426 threat actors targeting critical infrastructure remained active in this period.
Distribution of activities by activity type from February 13 to February 26, 2023
Number of threat actors by target industry from February 13 to February 26, 2023
Knowledge Graphs of Highlighted APT Groups
APT28
First Discovery Time: 2020-11-13 07:38:40
Alias: Sofacy, Pawn Storm, Fancy Bear, Sednit, SNAKEMACKEREL, TsarTeam, Tsar Team, TG-4127, Group-4127, STRONTIUM, TAG_0700, Swallowtail, IRON TWILIGHT, Group 74, SIG40, Grizzly Steppe, apt_sofacy.
Description: APT28 is a well-known cyber espionage group. Some researchers assess that it belongs to the GRU of the Russian Federation. APT28 is also known as Sofacy Group and STRONTIUM, and its main targets are aviation, national defense, government agencies and international organizations.
Geolocation of Threat Actor: Russia
The Diamond model of APT28
APT37
First Discovery Time: 2018-12-10 16:00:00
Description: APT37 has likely been active since at least 2012 and primarily targets the public and private sectors in South Korea. In 2017, APT37 expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a broader range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities.
Geolocation of Threat Actor: North Korea
The Diamond model of APT37
MK-CC-26
First Discovery Time: 2022-05-19 11:49:41
Description: MK-CC-26 is an APT group that uses the Cobalt Strike toolkit.
The Diamond model of APT Group MK-CC-26
About NSFOCUS Security Labs
NSFOCUS Security Labs (NSL) is an internationally-recognized cybersecurity research and threat response center at the forefront of vulnerability assessment, threat hunting and mitigation research.