State-sponsored or state-aligned advanced persistent threats (APTs) adapted to the changing geopolitical landscape in 2022. Cisco Talos observed several offensive cyber campaigns linked to several groups stemming from Russia, Iran, China, North Korea, and countries in the Indian subcontinent. These groups engaged in a variety of malicious activities, including espionage, intellectual property theft, and deploying destructive malware. Major trends observed include:
- Delivering new, custom malware and updated variants of previously known malware.
- Exploiting publicly known vulnerabilities, such as Log4j utilities.
- Updating tooling and behavior patterns to evade discovery.
- Increasing APT activity in our Cisco Talos Incident Response (CTIR) engagements, including the Iran state-sponsored MuddyWater group and several China affiliated APTs.
Visit the Year in Review page for the full report, with topic summary reports, livestreams, podcasts, and other content starting December 14th. New content will be added with each topic summary release through February. You can access the full 2022 Cisco Talos Year in Review report directly here: