qianxin2024.pdf (37 MB)

Qi An Xin's 2024 annual threat report says APT activity most often targeted government, defense, and financial sectors, with major activity concentrated in Ukraine, China, the United States, Israel, and South Korea. It identifies Kimsuky, Lazarus, Patchwork, Bitter, and APT28 as among the most active APT groups in 2024. China-related APT incidents mainly affected research and education, information technology, manufacturing, and government entities, with victims concentrated in Guangdong. The report also highlights widespread ransomware across Windows, Linux, macOS, FreeBSD, VMware ESXi, and cloud environments, plus increased Nday exploitation linked to exploit brokers, AI models, and broader offensive capability growth.