Threat Hub

New report shows how APTs are setting their sights on SMBs. Protecting high-risk targets. And all the latest news on our weekly podcast.

Advanced persistent threat (APT) actors have traditionally limited their efforts to big-game targets such as governments, militaries and related industries. But according to a new analysis from Proofpoint researcher Michael Raggi and the team, that's changing. Increasingly, state-sponsored and -aligned attacks are targeting small and medium-size businesses (SMBs) around the globe.

Analyzing threat data from 2022 and 2023, our research team recently identified several well-known APT actors engaging in the following:

• Using compromised SMB infrastructure in phishing campaigns
• Targeting SMBs at the regional level to steal money
• Phishing vulnerable managed services providers to launch supply chain attacks

The detailed blog post dives deep into campaigns and tactics of from Russia-aligned TA473, TA 422 and TA499 and North Korea-aligned TA 444. Ultimately, our data suggests that some of the world's most formidable cyber attackers have their crosshairs on some of the least protected targets.

Speaking of state-sanctioned attacks, Proofpoint threat researchers Selena Larson and Crista Giering sat down with cybersecurity expert Runa Sandvik on the Discarded podcast about her work protecting journalists and newsrooms from powerful attackers, including authoritarian governments. The three discuss how to protect devices and accounts of high-risk targets, common security gaps in highly targeted organizations and using security tools effectively.

And on this week’s Five-Minute Forecast, an IT worker breaks pleads guilty in ransomware double-cross, Air Force general nominated to head U.S. cybersecurity and espionage efforts, and a seemingly benign Android app begins spying on users—a year after it was published.

.