SECURITY SOLUTIONS
2024 CROWDSTRIKE THREAT HUNTING REPORT: NATION-STATES EXPLOIT LEGITIMATE CREDENTIALS TO POSE AS INSIDERS
CrowdStrike has released the 2024 Threat Hunting Report, highlighting the latest adversary trends, campaigns and tactics based on frontline intelligence from CrowdStrike's elite threat hunters and intelligence analysts.
The report reveals a rise in nation-state and eCrime adversaries exploiting legitimate credentials and identities to evade detection and bypass legacy security controls, as well as a rise in hands-on-keyboard intrusions, cross-domain attacks and cloud control plane exploits.
Key findings include:
• North Korea-nexus adversaries pose as legitimate US employees: FAMOUS CHOLLIMA infiltrated over 100 primarily US technology companies. Leveraging falsified or stolen identity documents, malicious insiders gained employment as remote IT personnel to exfiltrate data and carry out malicious activity.
• Hands-on-keyboard intrusions increase by 55%: More threat actors are engaging in hands-on-keyboard activities to blend in as legitimate users and bypass legacy security controls. 86% of all hands-on intrusions are executed by eCrime adversaries seeking financial gain. These attacks increased by 75% in healthcare and 60% in technology, which remains the most targeted sector for the seventh year in a row.
• RMM tool abuse grows by 70%: Adversaries including CHEF SPIDER (eCrime) and STATIC KITTEN (Iran-nexus) are using legitimate Remote Monitoring and Management (RMM) tools like ConnectWise ScreenConnect for endpoint exploitation. RMM tool exploitation accounted for 27% of all hands-on-keyboard intrusions.
• Cross-domain attacks persist: Threat actors are increasingly exploiting valid credentials to breach cloud environments and then using that access to reach endpoints. These attacks leave minimal footprints in each domain, like separate puzzle pieces, making them harder to detect.
• Cloud adversaries target the control plane: Cloud-conscious adversaries like SCATTERED SPIDER (eCrime) are leveraging social engineering, policy changes and password manager access to infiltrate cloud environments. They exploit connections between the cloud control plane and endpoints to move laterally, maintain persistence and exfiltrate data.
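The RMM finding above is the most directly actionable for a detection team: a legitimate tool such as ScreenConnect leaves ordinary process-creation events, so the signal is not the tool itself but its use outside the organisation's sanctioned baseline (unapproved tool, unexpected install location, or a host that should never run it). The following is an added example, not code from the report or from CrowdStrike; the log format, host names, binary names, install paths and the sanctioned-use policy are all constructed assumptions for the demonstration.

```python
"""Flag RMM tool activity that falls outside a sanctioned baseline.

Added example, not from the CrowdStrike report. The event format, binary
names, paths, host names and policy below are constructed assumptions.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Constructed process-creation events: ts|host|user|image|parent_image.
# Binary names and paths are illustrative, not verified real-world artefacts.
SAMPLE_EVENTS = """\
2024-05-01T09:12:03Z|HELPDESK-01|it-svc|C:\\Program Files\\ScreenConnect Client\\ScreenConnect.ClientService.exe|C:\\Windows\\System32\\services.exe
2024-05-01T09:40:11Z|FIN-WS-17|jdoe|C:\\Users\\jdoe\\AppData\\Local\\Temp\\ScreenConnect.ClientService.exe|C:\\Program Files\\Outlook\\outlook.exe
2024-05-01T10:02:45Z|DEV-WS-04|asmith|C:\\Users\\asmith\\Downloads\\OtherRMMAgent.exe|C:\\Windows\\explorer.exe
2024-05-01T10:05:00Z|FIN-WS-17|jdoe|C:\\Windows\\System32\\notepad.exe|C:\\Windows\\explorer.exe
2024-05-01T11:30:09Z|FIN-WS-17|jdoe|C:\\Program Files\\ScreenConnect Client\\ScreenConnect.ClientService.exe|C:\\Windows\\System32\\services.exe
"""

# Hypothetical signature table: tool name -> regex matched against the
# lower-cased image basename. Extend with the tools your estate actually sees.
RMM_SIGNATURES = {
    "ScreenConnect": re.compile(r"screenconnect"),
    "OtherRMM": re.compile(r"otherrmmagent"),
}

# Hypothetical sanctioned-use policy: which RMM tools are approved at all, the
# install-path prefix they must run from, and the host-name prefixes allowed.
SANCTIONED = {
    "ScreenConnect": {
        "path_prefix": "c:\\program files\\screenconnect client\\",
        "host_prefixes": ("HELPDESK-",),
    },
}


@dataclass
class Event:
    ts: str
    host: str
    user: str
    image: str
    parent: str


def parse_events(text: str) -> list:
    """Parse the constructed pipe-separated event format, rejecting bad rows."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|")
        if len(parts) != 5:
            raise ValueError(f"malformed event: {line!r}")
        events.append(Event(*parts))
    return events


def identify_rmm(image: str) -> Optional[str]:
    """Return the RMM tool name an image path matches, or None."""
    name = ntpath.basename(image).lower()
    for tool, pattern in RMM_SIGNATURES.items():
        if pattern.search(name):
            return tool
    return None


def analyze(text: str) -> list:
    """Return one finding per RMM execution that violates the policy.

    Checks are ordered from most to least severe: an unapproved tool, then an
    approved tool launched from a user-writable location, then an approved tool
    on a host outside its approved scope. Fully compliant activity is ignored.
    """
    findings = []
    for ev in parse_events(text):
        tool = identify_rmm(ev.image)
        if tool is None:
            continue
        policy = SANCTIONED.get(tool)
        if policy is None:
            reason = "unsanctioned_rmm_tool"
        elif not ev.image.lower().startswith(policy["path_prefix"]):
            reason = "rmm_outside_approved_install_path"
        elif not ev.host.startswith(policy["host_prefixes"]):
            reason = "rmm_on_host_outside_approved_scope"
        else:
            continue  # sanctioned tool, approved path, approved host
        findings.append({"ts": ev.ts, "host": ev.host, "user": ev.user,
                         "tool": tool, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f)
```

Run against the constructed events, this yields three findings: the ScreenConnect client launched from a Temp directory under Outlook, an unapproved agent run from Downloads, and an approved install running on a finance workstation. The sanctioned run on the help-desk host produces nothing, which is the point: the baseline, not the binary, decides what is worth a hunter's time.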
“For over a decade, we’ve vigilantly tracked the most prolific hacktivist, eCrime and nation-state adversaries,” said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. “In tracking nearly 250 adversaries this past year, a central theme emerged – threat actors are increasingly engaging in interactive intrusions and employing cross-domain techniques to evade detection and achieve their objectives. Our comprehensive, human-led threat hunting directly informs the algorithms that power the AI-native Falcon platform, ensuring that we stay ahead of these evolving threats and continue to deliver the industry’s most effective cybersecurity solutions.”
www.intelligentfin.tech