Trellix detects collaboration between cybercriminals and nation-states

The latest Trellix cyberthreat report observes indicators of collaboration between ransomware groups and nation-state-backed advanced persistent threat (APT) actors.

Released by Trellix’s Advanced Research Center, the report outlines the adoption of lesser-known programming languages for malware and the development of Generative AI (GenAI) tools by cybercriminals.

John Fokker, Head of Threat Intelligence, Trellix Advanced Research Center, said: “Cybercriminals are becoming increasingly more agile, organized and politically aligned. It is imperative defenders refer to threat intelligence to strengthen their security posture with limited resources.”  

The report’s findings include:

  • Malicious GenAI: Cybercriminals bypass protections to take advantage of commonly known tools and use GenAI to enhance phishing campaigns.
  • Geopolitical Threat Activity: Nation-state threat activity spiked over 50% in the last six months.
  • Ransomware Developments: Global detections and industry-reported incidents, particularly in Q2, reflect unusual variations in ransomware families, as well as countries and industries targeted. Also observed was a splintering of large ransomware groups – with the introduction of smaller groups and more attacks focused on data exfiltration.
  • Underground Collaboration: The last six months demonstrated an increase in threat actors actively collaborating on Dark Web forums. This spanned groups formally joining together (“The Five Families”), an escalation in selling/sharing of zero-day vulnerabilities, joint PoC development efforts to accelerate exploitations, and more.  
  • Polyglot Malware: Cyber, a polycrisis itself, is a threat multiplier – and the rise of polyglot malware further exacerbates this. New programming languages are becoming popular malware choices – with Golang seeing high usage for ransomware (32%), backdoors (26%), and Trojan Horses (20%).