Threat Intelligence Landscape 2023

Russian, Chinese, Iranian and North Korean-affiliated threat actors still account for the majority of nation-state attacks worldwide, with increased efforts from all side being driven by the Russia-Ukraine and Israel-Palestine conflicts. Our team also made several observations relating to the passing of the Bipartisan Bicameral Bill and Chinese-directed cyber operations targeting Taiwan and the US.

As the Russian invasion of Ukraine continued throughout 2023, so did the accompanying hacktivist activity on both sides of the conflict. One of the more prominent pro-Russian groups, NoName057(16) (commonly known as NoName) continued its campaign of targeting countries that have imposed sanctions on Russia, NATO member states, or countries providing diplomatic, financial and military support to Ukraine.

SEO poisoning - a type of attack where cyber criminals create malicious websites and use SEO techniques to rank their pages on Google - continued to be an effective initial infection mechanism in 2023. Coupled with the exploitation of new Microsoft technologies, various threat actors were able to infect victims that culminated in ransomware incidents involving Clop and Black Basta.

In 2023, we collaborated with Group-IB and Michael Koczwara to uncover a new RaaS affiliate known as ShadowSyndicate; who remains highly active in global ransomware attacks. Based on their activity in 2023, they were observed working with ALPHV, Clop and Nokoyawa ransomware groups and were seen using a range of post-exploitation tools such as Cobalt Strike and Sliver.