Threats Overview
Hunt & Hackett is continuously monitoring the threat landscape of several important sectors. Threats come and go, from global threats like ransomware to more targeted sector-specific threats. The more knowledge you have on the threats that are actually relevant for your specific sector and organization, the better, easier and more cost-efficient your cybersecurity strategy will be.
On this page you will find high-level threat insights in the sectors we protect, as well as an overview of each attacking country and actor we have researched.
Global threat landscape
What are we currently facing?
Advanced Persistent Threats (APTs)
Tactics, Techniques & Procedures (TTPs)
Attack tools
Top-20 Actors
By number of operations
Sectors
View the details per sector
Actors per Country
Who are we defending against?
Hunt & Hackett is continuously monitoring the activity of Advanced Persistent Threats (APTs). Although the background and exact motivation are unique for each actor, most actors can be linked to a limited set of countries. When zooming out to a country level, typical patterns and motivations per country become visible. Some countries show up more often in our data than others; these are shown below.
🇮🇷 Iran
Despite having less sophisticated cyber capabilities than other nation states, Iran’s APTs have made a notable impact on the global threat landscape. Leveraging a mix of state-sponsored units, universities, and contractors, Iran focuses on espionage, information theft, and disruption. Its activities in cyberspace are strongly motivated by regional interests and protection of the Iranian regime. Hunt & Hackett currently tracks the activity of 60 distinct Iranian threat actors.
APT34
APT34, or OilRig, is an Iranian threat actor with ties to the Ministry of Intelligence. The group’s motivations include espionage and information theft, and they have been known to target governments and the defense sector. Discover their recent campaigns, tactics, and how to defend against them.
Charming Kitten
APT35, also known as Charming Kitten, is a versatile and scrappy threat actor associated with Iran’s Islamic Revolutionary Guard Corps (IRGC). The Kittens have been linked to several high-profile attacks, including the 2017 HBO hack and interference in the 2020 US presidential election.
Silent Librarian
Silent Librarian is an IRGC-linked group that has mastered the art of spear phishing since it emerged in 2013. The group is typically leveraged for information theft and espionage targeting Western states. Learn which tactics the group uses to infiltrate organizations and steal valuable information.
🇷🇺 Russia
Russia boasts a collection of highly advanced, mature APTs who have been behind some of the most notorious cyberattacks in history. It leverages these groups to conduct espionage, disrupt critical infrastructure, and spread disinformation campaigns designed to influence public opinion and destabilize global political systems. Russia also houses a collection of proxies and organized crime groups who conduct opportunistic attacks for financial gain. These groups dominate the global ransomware market and have been a major driver of the Ransomware-as-a-Service model seen in recent years. Hunt & Hackett currently tracks the activity of 74 Russian threat actors.
🇨🇳 China
China is one of the most advanced nations in terms of leveraging cyber capabilities to further its strategic objectives. Substantial investments in the national cyber apparatus have spawned vast networks of APTs, hacktivists, and contractors, who typically focus on espionage, information theft and disruption. The broad goals of China’s cyber strategy are maintaining territorial integrity, growing the economy, and modernizing its military. Hunt & Hackett currently tracks the activity of 29 Chinese APTs.
🇹🇷 Turkey
Turkey has increasingly utilized cyberspace to advance its geopolitical agenda. In recent years, Turkish APTs have been linked to attacks on regional neighbours Greece, Cyprus, and Iraq. Turkey is also known to target domestic organizations it views as threatening, as well as Turkish dissidents. In 2023, Hunt & Hackett observed cyberattacks in the Netherlands targeting telecommunications, IT-service providers, ISPs, and the media, specifically Kurdish websites. The stolen information is likely to be exploited for surveillance of specific groups or individuals. Read the Seaturtle profile below to learn more.
🇰🇵 North Korea
North Korea leverages its cyber capabilities as a way of circumventing international sanctions and funding its nuclear and ballistic missile programmes. It houses several large teams of hackers whose motivations include espionage, information theft, disruption, and financial gain. The broad goals of North Korea’s cyber strategy are safeguarding the regime, maintaining territorial integrity, and achieving military and economic self-reliance. Hunt & Hackett currently tracks the activity of 19 North Korean threat actors.
Lazarus
The Lazarus Group is one of the most prolific and eccentric threat actors on the global stage. Having orchestrated some of the world’s most high-profile attacks, including the Sony hack, Bangladesh bank heist, and infamous WannaCry attacks, they are considered a formidable adversary.
Our approach
Controlling your cybersecurity risks
In their fight against cyber-attacks, our customers typically go through several stages of maturity. By ramping up their prevention, detection, and incident readiness over time – and optimizing this for their actual threat landscape – they reach a point where they have developed solid resilience against targeted attacks, with only highly controlled and accepted risks remaining.
There is no simple 'fix' to become resilient against the sophisticated cyber threats of today. Without serious resources or processes for systematic security activities, protection against modern cyber threats like ransomware is just a wish. Hunt & Hackett has developed a unique threat- and sector-driven approach to cybersecurity, enabling you to work from your current situation to a highly improved and controlled situation, optimized for your specific threat landscape and context as an organization.
Our services
Optimized for your specific sector
Because we use your actual threat landscape and your sector as our starting points, our services are optimized for your specific context and needs.
Managed Detection & Response (MDR)
We detect & react to attacker activity in your environment, minimizing the impact on your business.
Security Program Gap Assessment (SPGA)
We assess your current security program, threat landscape, security controls and risk.
Threat Hunting (TH)
We proactively hunt for evidence about unknown threats to improve your security posture.
Breach & Attack Simulation (BAS)
We validate your security choices by simulating attacks.
Incident Response (IR)
We help you manage a cyber crisis and contain security incidents, breaches and cyber threats.