Threat Hub

The Proofpoint threat research team has access to one of the largest, most diverse data sets in all of cybersecurity. We’re bringing you the highlights every week, right here at the Threat Hub.

| Weekly Brief

New report shows how APTs are setting their sights on SMBs. Protecting high-risk targets. And all the latest news on our weekly podcast.

Advanced persistent threat (APT) actors have traditionally limited their efforts to big-game targets such as governments, militaries and related industries. But according to a new analysis from Proofpoint researcher Michael Raggi and the team, that's changing. Increasingly, state-sponsored and -aligned attacks are targeting small and medium-size businesses (SMBs) around the globe.

Analyzing threat data from 2022 and 2023, our research team recently identified several well-known APT actors engaging in the following:

  • Using compromised SMB infrastructure in phishing campaigns
  • Targeting SMBs at the regional level to steal money
  • Phishing vulnerable managed services providers to launch supply chain attacks

The detailed blog post dives deep into campaigns and tactics of from Russia-aligned TA473, TA 422 and TA499 and North Korea-aligned TA 444. Ultimately, our data suggests that some of the world's most formidable cyber attackers have their crosshairs on some of the least protected targets.

Speaking of state-sanctioned attacks, Proofpoint threat researchers Selena Larson and Crista Giering sat down with cybersecurity expert Runa Sandvik on the Discarded podcast about her work protecting journalists and newsrooms from powerful attackers, including authoritarian governments. The three discuss how to protect devices and accounts of high-risk targets, common security gaps in highly targeted organizations and using security tools effectively.

And on this week’s Five-Minute Forecast, an IT worker breaks pleads guilty in ransomware double-cross, Air Force general nominated to head U.S. cybersecurity and espionage efforts, and a seemingly benign Android app begins spying on users—a year after it was published.


Insights Chart of the Week
Number of Campaigns Using HTML Smuggling
HTML Hijinks

HTML smuggling, which uses JavaScript in an HTML attachment to download malicious code, peaked in fall 2022 but remains a popular attack vector. The technique can evade many malware filters but requires the recipient to open the attachment.

Equip your team with threat intelligence

Blog Post
Conversational Threats Surge on Mobile

Pig butchering and similar conversational attacks were the fastest growing mobile threats of 2022.

Threat Insight
OneNote Used to Deliver Malware

Attackers exploit another component of Microsoft's 365 suite as they adjust to a post-macro world.

Threat Insight
Exploring the Post-Macro Landscape

Our researchers unpack all the changes from a year of rapid evolution in malware delivery techniques.

Go Deeper with our Premium Threat Info Service

Connect with threat analysts, understand threats with intelligence specific to your situation, and gain 24/7 visibility into the latest threat discoveries.

Learn More
Threat Report
The Human Factor 2022

Drawing on insights and data from our products and researchers, the Human Factor tells the story of a year when cybersecurity jumped from the tech page to the front page. Our annual threat report explores user trends from our uniquely people-centric lens. See how vulnerabilities, attacks and privilege are transforming the threat landscape.

Threat Report
2023 State of the Phish

This year’s report dives deep into today’s threats—and how prepared users are to face them. Get a wealth of data, insight and advice based on knowledge assessments, self-reported cybersecurity habits and actual responses to simulated phishing emails.

About The Threat Research Team

Our threat researchers are responsible for tracking shifts in the cybersecurity landscape, identifying new attacks as they emerge, and monitoring how threat actor tactics, techniques and procedures change over time. The threats they detect and the signatures they write feed into our platforms and are keystones in a system that analyzes more than 2.6 billion emails, 49 billion URLs and 1.9 billion attachments every single day.

By studying what cyber criminals are doing now, our threat researchers are better able to anticipate what they’ll do next. Every day, their work keeps our customers protected—not just from today’s attacks, but tomorrow’s threats as they evolve.

Threat Hub Chart of the Week
Follow us @threatinsight:

Subscribe to the Proofpoint Blog