Cyber Threats 2022: A Year in Retrospect

2023-04-12 PWC

https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/pdf/2022-year-in-retrospect-report.pdf

Attachments

2022-year-in-retrospect-report.pdf (11 MB)


PwC's 2022 threat retrospective is a broad landscape report, but its DPRK-relevant section notes that North Korea-based threat actors intensified financially motivated operations. The excerpt says these actors continued targeting financial services, cryptocurrency, and decentralized finance while the wider APT landscape largely followed previously observed targeting patterns. This DPRK activity is framed alongside broader 2022 trends, including vulnerability exploitation, cloud and identity targeting, and geopolitical shifts driven by Russia's invasion of Ukraine. For Lazarus Day purposes, the key supported finding is North Korea's continued emphasis on crypto and DeFi theft rather than the report's unrelated Russia, China, Iran, ransomware, or hacktivist sections.

Indicators of Compromise

