New report shows how APTs are setting their sights on SMBs. Protecting high-risk targets. And all the latest news on our weekly podcast.
Advanced persistent threat (APT) actors have traditionally limited their efforts to big-game targets such as governments, militaries and related industries. But according to a new analysis from Proofpoint researcher Michael Raggi and the team, that's changing. Increasingly, state-sponsored and -aligned attacks are targeting small and medium-size businesses (SMBs) around the globe.
Analyzing threat data from 2022 and 2023, our research team recently identified several well-known APT actors engaging in the following:
- Using compromised SMB infrastructure in phishing campaigns
- Targeting SMBs at the regional level to steal money
- Phishing vulnerable managed services providers to launch supply chain attacks
The detailed blog post dives deep into campaigns and tactics of from Russia-aligned TA473, TA 422 and TA499 and North Korea-aligned TA 444. Ultimately, our data suggests that some of the world's most formidable cyber attackers have their crosshairs on some of the least protected targets.
Speaking of state-sanctioned attacks, Proofpoint threat researchers Selena Larson and Crista Giering sat down with cybersecurity expert Runa Sandvik on the Discarded podcast about her work protecting journalists and newsrooms from powerful attackers, including authoritarian governments. The three discuss how to protect devices and accounts of high-risk targets, common security gaps in highly targeted organizations and using security tools effectively.
And on this week’s Five-Minute Forecast, an IT worker breaks pleads guilty in ransomware double-cross, Air Force general nominated to head U.S. cybersecurity and espionage efforts, and a seemingly benign Android app begins spying on users—a year after it was published.
.
Equip your team with threat intelligence
Go Deeper with our Premium Threat Info Service
Connect with threat analysts, understand threats with intelligence specific to your situation, and gain 24/7 visibility into the latest threat discoveries.
Learn MoreDrawing on insights and data from our products and researchers, the Human Factor tells the story of a year when cybersecurity jumped from the tech page to the front page. Our annual threat report explores user trends from our uniquely people-centric lens. See how vulnerabilities, attacks and privilege are transforming the threat landscape.
About The Threat Research Team
Our threat researchers are responsible for tracking shifts in the cybersecurity landscape, identifying new attacks as they emerge, and monitoring how threat actor tactics, techniques and procedures change over time. The threats they detect and the signatures they write feed into our platforms and are keystones in a system that analyzes more than 2.6 billion emails, 49 billion URLs and 1.9 billion attachments every single day.
By studying what cyber criminals are doing now, our threat researchers are better able to anticipate what they’ll do next. Every day, their work keeps our customers protected—not just from today’s attacks, but tomorrow’s threats as they evolve.

Browse the threat hub
Subscribe to the Proofpoint Blog