According to Trellix, major regional and global events have driven cyber threat activity, with a significant increase over the last six months. China-linked threat groups, such as Volt Typhoon, are the most prolific originators of advanced persistent threat (APT) activity, accounting for 68.3% of all detections. The Russia-linked APT group Sandworm and Iran-linked threat groups have also shown a sharp increase in activity. Trellix also found malicious emails aimed at tricking consumers into making fraudulent election contributions, and it identifies ransomware actors as a significant threat to the transportation and shipping sector.
Cobalt Strike remains a popular tool among threat groups, despite a 17% decrease in detections. An EDR evasion tool called "Terminator" was used in a new campaign in January 2024 that primarily targeted the telecom sector; Trellix believes the campaign is related to the Russia-Ukraine conflict. Trellix also observed a free ChatGPT 4.0 Jabber tool circulating in the cybercriminal underground, which lets threat actors adopt generative AI in their operations. The report highlights the geopolitical motivations behind these cyber operations and the ongoing challenge of detecting and countering APT threats.