33 New Adversaries Identified by CrowdStrike in 2022

CrowdStrike on Tuesday published its 2023 Global Threat Report, which reveals that the company is now tracking more than 200 adversaries, after identifying 33 new threat actors and campaigns in 2022.

CrowdStrike told SecurityWeek that 14 of the 33 were actually brand new adversaries or activity, while the rest were linked to previous activity observed prior to 2022. 

More than 20 of the new threats were related to cybercriminal activities — the security firm tracks these as Spiders. The list also includes a Russia-linked group named Gossamer Bear, which has targeted government research labs, logistics companies, military suppliers and NGOs. 

CrowdStrike also added its first Syrian state-sponsored group to its tracker: Deadeye Hawk. The group was previously known as Deadeye Jackal — better known as the Syrian Electronic Army — and was categorized as a hacktivist group, but it has now been renamed and reclassified as a state-sponsored threat actor.  

CrowdStrike’s analysis of the threat landscape in 2022 also showed that cloud exploitation soared, with cloud exploitation cases increasing by 95%. 

In addition, attacks are also increasingly becoming ‘malware free’ — threat actors in many cases abused valid credentials and vulnerability exploitation for initial access rather than malware. Malware-free activity accounted for 71% of CrowdStrike’s detections last year, up from 62% in the previous year. 

The services of initial access brokers were in high demand last year, with the security firm seeing an increase of 112% in the number of ads for such services on the dark web.

There has also been an increase in cybercrime operations where attackers conducted data theft and extortion. The breakout time — the time it takes hackers to move from the initially compromised host to a different host within the victim’s network — has decreased from 98 minutes in 2021 to 84 minutes in 2022. 

Average breakout times are important for defenders. If they can respond to an attack within that time window, they are more likely to minimize damage and costs. 

When it comes to state-sponsored activity, CrowdStrike says China was the most active last year, with its espionage operations being observed in nearly all global industry sectors and geographic regions tracked by the company. 

CrowdStrike has also confirmed the findings of other security firms regarding the cyber impact of the Russia-Ukraine war, saying that while Russia’s attacks were not insignificant, their impact was smaller than many expected. 

The full CrowdStrike 2023 Global Threat Report is available in PDF format. 

Related: Cyber Resilience: The New Strategy to Cope With Increased Threats

Related: Cybercriminals, State-Sponsored Threat Actors Exploiting Confluence Server Vulnerability