Bread Crumbs of Threat Actors (Dec 19, 2022 – Jan 1, 2023)

Bread Crumbs of Threat Actors (Dec 19, 2022 – Jan 1, 2023)

janeiro 12, 2023 | NSFOCUS

From December 19, 2022 to Jan 1, 2023, NSFOCUS Security Labs found activity clues of 61 APT groups, 3 malware families (Zbot botnet, SpicyHotPot Trojan, and Banload Trojan), and 490 threat actors targeting critical infrastructure.

APT Groups

Among the 61 APT groups discovered, the APT28 affected the most significant number of hosts from December 19 to Jan 1, 2023.

Number of hosts affected by APT groups from December 19, 2022 through Jan 1, 2023

Industries affected by APT groups from December 19, 2022 through Jan 1, 2023

Threat Actors Targeting Critical Infrastructure

A total of 490 threat actors targeting critical infrastructure remained active in this period.

Distribution of activities by activity type from December 19, 2022 through Jan 1, 2023

Number of threat actors by target industry from December 19, 2022 through Jan 1, 2023

Knowledge Graphs of Highlighted APT Groups

APT28

First Discovery Time: 2020-11-13 07:38:40
Description: APT28 is a famous cyber espionage group. Some researchers believe this organization belongs to the GRU of the Russian Federation. APT 28 is also known as Sofacy Group and STRONTIUM, and its main targets are aviation, national defense, government agencies and international organizations.
Geolocation of Threat Actor: Russia

Diamond model of APT28

NoName057 (16)

First Discovery Time: 2022-09-16 07:49:06
Description: NoName057 (16) hackers are carrying out DDoS attacks on the websites of Ukrainian government agencies, news agencies, military, suppliers, telecommunications companies, transport authorities, financial institutions and other organizations, as well as neighboring countries supporting Ukraine (such as Estonia, Lithuania, and Norway). NoName057 (16) is a pro-Russian hacker organization. They showed off their attack cases on Telegram channel, which has more than 14000 subscribers. After successfully attacking the Finnish and Polish parliaments, the organization was exposed in the media in early August 2022.
Geolocation of Threat Actor: Russia

Diamond model of APT Group NoName057 (16)

MK-CC-21

First Discovery Time: 2022-05-19 11:49:38
Description: MK-CC-21 is an APT group based in the United States. This group uses Cobalt Strike as the attack tool.
Geolocation of Threat Actor: United States of America (USA)

Diamond model of APT Group MK-CC-21

About NSFOCUS Security Labs

NSFOCUS Security Labs (NSL) is an internationally-recognized cybersecurity research and threat response center at the forefront of vulnerability assessment, threat hunting and mitigation research.