THANK YOU FOR YOUR INTEREST IN NSFOCUS REPORTS
2024 APT Annual Landscape Report
In 2024, the global APT attack landscape was closely tied to the international political scenario. South Asia, East Asia, Eastern Europe, and the Middle East witnessed a significant number of APT activities, overlapping with regions of ongoing turmoil and conflict.
The political environment’s urgency made APT groups more utilitarian and aggressive. They sacrificed some stealth for higher success rates, adjusting exploitation strategies for zero – day vulnerabilities. These vulnerabilities were deployed not only in lateral movement but also in initial access, speeding up attacks.
Government departments remained the prime targets of global APT groups, especially diplomatic sectors. Additionally, hospitals, universities, enterprises, and other non – governmental organizations faced frequent APT phishing attacks. Units with more knowledge reserves were more at risk. Political tensions led military units and defense industries in Eastern Europe, the Middle East, etc., to be major targets.
China saw a continuous increase in APT attacks on public network equipment, mainly espionage – related. Targets included government departments, enterprises, research institutions, universities, and hotels. The high value of China’s public network equipment made it a primary target for overseas APT attackers.
The progress of APT detection technology spurred changes in APT techniques and tactics. In 2024, many APT groups employed false flag tactics to disrupt defender’s attribution and traceability. Some took over botnet CnC to build spy platforms, while others developed new attack techniques and used legal system components for fileless attacks, bypassing endpoint security device detection.
