CrowdStrike on Tuesday published its 2023 Global Threat Report, which reveals that the company is now tracking more than 200 adversaries, after identifying 33 new threat actors and campaigns in 2022.
CrowdStrike told SecurityWeek that 14 of the 33 were actually brand new adversaries or activity, while the rest were linked to previous activity observed prior to 2022.
More than 20 of the new threats were related to cybercriminal activities — the security firm tracks these as Spiders. The list also includes a Russia-linked group named Gossamer Bear, which has targeted government research labs, logistics companies, military suppliers and NGOs.
CrowdStrike also added its first Syrian state-sponsored group to its tracker: Deadeye Hawk. The group was previously known as Deadeye Jackal — better known as the Syrian Electronic Army — and was categorized as a hacktivist group, but it has now been renamed and reclassified as a state-sponsored threat actor.
CrowdStrike’s analysis of the threat landscape in 2022 also showed that cloud exploitation soared, with cloud exploitation cases increasing by 95%.
In addition, attacks are also increasingly becoming ‘malware free’ — threat actors in many cases abused valid credentials and vulnerability exploitation for initial access rather than malware. Malware-free activity accounted for 71% of CrowdStrike’s detections last year, up from 62% in the previous year.
The services of initial access brokers were in high demand last year, with the security firm seeing an increase of 112% in the number of ads for such services on the dark web.
There has also been an increase in cybercrime operations where attackers conducted data theft and extortion. The breakout time — the time it takes hackers to move from the initially compromised host to a different host within the victim’s network — has decreased from 98 minutes in 2021 to 84 minutes in 2022.
Average breakout times are important for defenders. If they can respond to an attack within that time window, they are more likely to minimize damage and costs.
When it comes to state-sponsored activity, CrowdStrike says China was the most active last year, with its espionage operations being observed in nearly all global industry sectors and geographic regions tracked by the company.
CrowdStrike has also confirmed the findings of other security firms regarding the cyber impact of the Russia-Ukraine war, saying that while Russia’s attacks were not insignificant, their impact was smaller than many expected.
The full CrowdStrike 2023 Global Threat Report is available in PDF format.
Related: Cyber Resilience: The New Strategy to Cope With Increased Threats
Related: Cybercriminals, State-Sponsored Threat Actors Exploiting Confluence Server Vulnerability

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
- New York Man Arrested for Running BreachForums Cybercrime Website
- Exploitation of Recent Fortinet Zero-Day Linked to Chinese Cyberspies
- Mozilla Patches High-Severity Vulnerabilities With Release of Firefox 111
- Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up
Latest News
- Google Suspends Chinese Shopping App Amid Security Concerns
- Verosint Launches Account Fraud Detection and Prevention Platform
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Oleria Scores $8M Seed Funding for ID Authentication Technology
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
- Malicious NuGet Packages Used to Target .NET Developers
