Security Experts:

Connect with us

Hi, what are you looking for?



33 New Adversaries Identified by CrowdStrike in 2022

CrowdStrike identified 33 new threat actors and campaigns in 2022, including many cybercrime groups and operations.

CrowdStrike on Tuesday published its 2023 Global Threat Report, which reveals that the company is now tracking more than 200 adversaries, after identifying 33 new threat actors and campaigns in 2022.

CrowdStrike told SecurityWeek that 14 of the 33 were actually brand new adversaries or activity, while the rest were linked to previous activity observed prior to 2022. 

More than 20 of the new threats were related to cybercriminal activities — the security firm tracks these as Spiders. The list also includes a Russia-linked group named Gossamer Bear, which has targeted government research labs, logistics companies, military suppliers and NGOs. 

CrowdStrike also added its first Syrian state-sponsored group to its tracker: Deadeye Hawk. The group was previously known as Deadeye Jackal — better known as the Syrian Electronic Army — and was categorized as a hacktivist group, but it has now been renamed and reclassified as a state-sponsored threat actor.  

CrowdStrike’s analysis of the threat landscape in 2022 also showed that cloud exploitation soared, with cloud exploitation cases increasing by 95%. 

In addition, attacks are also increasingly becoming ‘malware free’ — threat actors in many cases abused valid credentials and vulnerability exploitation for initial access rather than malware. Malware-free activity accounted for 71% of CrowdStrike’s detections last year, up from 62% in the previous year. 

The services of initial access brokers were in high demand last year, with the security firm seeing an increase of 112% in the number of ads for such services on the dark web.

There has also been an increase in cybercrime operations where attackers conducted data theft and extortion. The breakout time — the time it takes hackers to move from the initially compromised host to a different host within the victim’s network — has decreased from 98 minutes in 2021 to 84 minutes in 2022. 

Average breakout times are important for defenders. If they can respond to an attack within that time window, they are more likely to minimize damage and costs. 

When it comes to state-sponsored activity, CrowdStrike says China was the most active last year, with its espionage operations being observed in nearly all global industry sectors and geographic regions tracked by the company. 

CrowdStrike has also confirmed the findings of other security firms regarding the cyber impact of the Russia-Ukraine war, saying that while Russia’s attacks were not insignificant, their impact was smaller than many expected. 

The full CrowdStrike 2023 Global Threat Report is available in PDF format. 

Related: Cyber Resilience: The New Strategy to Cope With Increased Threats

Related: Cybercriminals, State-Sponsored Threat Actors Exploiting Confluence Server Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.