China-linked APT groups, including Mustang Panda and UNC4191, are the most active in targeting nation-states, producing nearly 79 percent of all detected threat activity in the first quarter of 2023, a new report showed on Wednesday.

According to the cybersecurity company Trellix, APT groups will continue cyber espionage and disruptive cyberattacks in tandem with physical military activity.

“For both leading and developing countries, we see risks to critical infrastructures like telecommunications, energy, and manufacturing by notable APT groups — a warning to public and private organizations to deploy modern protections to stay ahead of rapidly evolving threats,” said John Fokker, Head of Threat Intelligence, Trellix Advanced Research Center.


Moreover, the report said that motivations for ransomware are still financial — reflected in the Insurance (20 percent) and Financial Services (17 percent) sectors having the most detections of potential attacks.

The most common leak site victims are US-based (48 percent) mid-sized businesses with 51-200 employees (32 percent) and $10-50M in revenue (38 percent).

Despite efforts in 2022 to make the tool harder for threat actors to abuse, Cobalt Strike continues to grow in popularity among cybercriminals and ransomware actors.

The report found Cobalt Strike in 35 percent of nation-state activity and 28 percent of ransomware incidents, nearly doubling from the fourth quarter of 2022.

Further, the report mentioned that attacks on Amazon, Microsoft, and Google’s cloud infrastructure are on the rise.


Although more sophisticated attacks involving multifactor authentication, proxy penetration, and API execution continue, the dominant technique against cloud infrastructure is the use of valid accounts, which produced twice as many detections as any other vector.
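Because a valid account leaves no malware to catch, the practical check is behavioural: a successful sign-in from a country the account has never used, or two successful sign-ins too far apart to be the same person. The following is an added example written for this page, not code from Trellix or the report; the sign-in events are constructed, and the 900 km/h speed threshold and 100 km minimum distance are assumptions you would tune to your own tenant.

```python
"""Flag valid-account abuse in cloud sign-in logs.

Two checks over successful sign-ins, per user:
  1. new country  : the account has not previously signed in from this country
  2. impossible travel : the distance from the previous successful sign-in
     could not be covered at MAX_SPEED_KMH in the elapsed time
"""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0   # assumed: roughly airliner speed
MIN_DISTANCE_KM = 100.0  # assumed: ignore short hops (CDN/VPN egress noise)
EARTH_RADIUS_KM = 6371.0


@dataclass(frozen=True)
class SignIn:
    ts: datetime
    user: str
    ip: str
    country: str
    lat: float
    lon: float
    success: bool


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two WGS84 points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat = p2 - p1
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def detect_suspicious_signins(events, max_speed_kmh=MAX_SPEED_KMH):
    """Return [(event, reason)] for successful sign-ins that look like
    an attacker using stolen-but-valid credentials."""
    findings = []
    seen_countries = {}   # user -> set of countries with a prior success
    last_success = {}     # user -> most recent successful SignIn
    for e in sorted(events, key=lambda x: x.ts):
        if not e.success:
            continue          # failures are a separate (spray) signal
        reasons = []
        known = seen_countries.setdefault(e.user, set())
        if known and e.country not in known:
            reasons.append(f"new country {e.country}")
        prev = last_success.get(e.user)
        if prev is not None:
            dist = haversine_km(prev.lat, prev.lon, e.lat, e.lon)
            hours = max((e.ts - prev.ts).total_seconds() / 3600, 1 / 60)
            if dist > MIN_DISTANCE_KM and dist / hours > max_speed_kmh:
                reasons.append(f"impossible travel {int(dist)} km in {hours:.2f} h")
        known.add(e.country)
        last_success[e.user] = e
        if reasons:
            findings.append((e, "; ".join(reasons)))
    return findings


# Constructed sample log: alice is legitimately in Germany, then her
# credentials are used from Singapore; bob's account shows up in a new country.
SAMPLE_EVENTS = [
    SignIn(datetime(2023, 3, 1, 8, 0), "alice", "203.0.113.10", "DE", 50.11, 8.68, True),
    SignIn(datetime(2023, 3, 1, 9, 30), "alice", "203.0.113.11", "DE", 52.52, 13.40, True),
    SignIn(datetime(2023, 3, 1, 10, 0), "alice", "198.51.100.7", "SG", 1.35, 103.82, True),
    SignIn(datetime(2023, 3, 1, 8, 15), "bob", "192.0.2.20", "CA", 43.65, -79.38, False),
    SignIn(datetime(2023, 3, 1, 8, 16), "bob", "192.0.2.20", "CA", 43.65, -79.38, True),
    SignIn(datetime(2023, 3, 1, 12, 0), "bob", "192.0.2.99", "US", 39.04, -77.49, True),
]

if __name__ == "__main__":
    for event, reason in detect_suspicious_signins(SAMPLE_EVENTS):
        print(f"{event.ts:%H:%M} {event.user:<6} {event.ip:<14} {reason}")
```

The first sign-in for an account establishes its baseline, so a brand-new user never triggers the country check; in production you would seed that baseline from historical sign-in data rather than from the window being analysed, and pair these alerts with the failed-attempt stream the example deliberately skips.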