Digital Media Net - Your Gateway To Digital media Creation. News and information on Digital Video, VR, Animation, Visual Effects, Mac Based media. Post Production, CAD, Sound and Music
Categories: News

Trellix Detects China-Affiliated APT Groups Behind Most Nation-State Threat Activity

The CyberThreat Report Unveils Financial, Telecom, and Energy Sectors Increasingly Under Attack

SAN JOSE, Calif.–(BUSINESS WIRE)–Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), today released the June 2023 edition of The CyberThreat Report from the Trellix Advanced Research Center which analyzes cybersecurity trends from the last quarter. Insights were gleaned from a global network of expert researchers who analyze over 30 million detections of malicious samples daily. Combined telemetry is collected from one billion sensors, and data from open and closed-source intelligence.


“A year into the Russia-Ukraine conflict, offensive cyber capabilities are being leveraged strategically by nation-states for espionage and disruption,” said John Fokker, Head of Threat Intelligence, Trellix Advanced Research Center. “For both leading and developing countries, we see risks to critical infrastructures like telecommunications, energy, and manufacturing by notable APT groups – a warning to public and private organizations to deploy modern protections to stay ahead of rapidly evolving threats.”

The latest Trellix Advanced Research Center report covers the first quarter of 2023 and is comprised of evidence of activity linked to ransomware and nation-state-backed APT actors, threats to email, malicious use of legitimate security tools, and more. Key findings include:

  • Coordinated Cyber Espionage. APT groups linked to China, including Mustang Panda and UNC4191, are the most active in targeting nation-states, generating 79% of all activity detected. Trellix predicts APT groups will continue cyber espionage and disruptive cyberattacks in tandem with physical military activity.
  • In Ransomware, Cash is King. Motivations for ransomware are still financial – reflected in the Insurance (20%) and Financial Services (17%) sectors having the most detections of potential attacks. The most common leak site victims are US-based (48%) mid-sized businesses with 51-200 employees (32%) and $10-50M in revenue (38%).
  • Cobalt Strike is a Favorite. Despite attempts in 2022 to make it harder for threat actors to abuse the tool, Cobalt Strike grows as a tool favored by cybercriminals and ransomware actors. Trellix detected Cobalt Strike in 35% of nation-state activity and 28% of ransomware incidents – almost double from Q4 2022.
  • Old Vulns, a Blast from the Past. Many critical vulnerabilities consist of bypasses to patches for older CVEs, supply chain bugs utilizing outdated libraries, or long-patched vulnerabilities that were never properly addressed. A disclosed Apple vulnerability in February 2023 had roots as far back as the FORCEDENTRY exploit disclosed in 2021.
  • Rogue Access to the Cloud. Cloud infrastructure attacks on Amazon, Microsoft, and Google are rising. Though more sophisticated attacks with multifactor authentication, proxy penetration, and API execution continue, the dominant attack technique uses valid accounts, at 2x more detections than any other vector. Rogue access to legitimate accounts in remote-work environments remains significant.

“Security Operations teams are in a race to enhance defense capabilities to protect organizations from growing attack surfaces,” said Joseph “Yossi” Tal, SVP, Trellix Advanced Research Center. “Already understaffed, teams are in a daily catch-up to process millions of data points across complicated networks. Trellix’s goal is to provide research to strengthen security postures through insights gleaned from our massive reservoir of intelligence.”

The CyberThreat Report includes proprietary data from Trellix’s sensor network, investigations into nation-state and cybercriminal activity by the Trellix Advanced Research Center, open and closed-source intelligence, and threat actor leak sites. The report is based on telemetry related to detection of threats, when a file, URL, IP-address, suspicious email, network behavior, or other indicator is detected and reported by the Trellix XDR platform.

Additional Resources

About the Trellix Advanced Research Center

The Trellix Advanced Research Center brings together an elite team of security professionals and researchers to produce insightful and actionable real-time intelligence to propel customer outcomes and the industry at large. Driven by the industry’s most comprehensive charter, our skilled researchers detect trends ahead of the market to empower our customers and partners to solve for emerging threats. More at https://www.trellix.com/en-us/advanced-research-center.html.

Follow the Trellix Advanced Research Center on Twitter.

Contacts

Shoba V. Lemoine

media@trellix.com

Staff

Recent Posts

Appy Pie’s No-Code AI Design Platform Simplifies Holiday Creations for Christmas Posters and Avatars

NEW DELHI, Dec. 21, 2024 /PRNewswire/ -- Appy Pie Design, a leading No-code AI Design…

19 hours ago

Thought Technology Ltd Celebrates 50 Years of Innovation and Excellence

Montreal-based Thought Technology Ltd wraps up its 50th year in business providing psychophysiological instrumentation to…

1 day ago

Gaudio Lab, Winner of CES Innovation Awards for Three Consecutive Years, to Unveil New Solutions at CES 2025

LAS VEGAS and SEOUL, South Korea, Dec. 20, 2024 /PRNewswire/ -- Gaudio Lab, a leader in…

1 day ago

Impossible Creative Unveils Cutting-Edge Immersive Experience at COP16

RIYADH, Saudia Arabia, Dec. 20, 2024 /PRNewswire/ -- Impossible Creative debuted innovative immersive storytelling technology…

2 days ago

Prescott, Arizona’s Jim & Linda Lee Performing Arts Center at Yavapai College Invests in Ayrton Rivale Profile and Karif-LT Fixtures

The Jim & Linda Lee Performing Arts Center, Northern Arizona’s premiere entertainment venue, has installed…

2 days ago

Perfect Corp. at CES 2025 to Highlight B2B Generative AI Innovations for Brands and B2C AI Features for Consumer Creators

Perfect Corp. will showcase AI-powered solutions and discuss the future of personalized consumer experiences at…

2 days ago