Vulnerability Intelligence 4 13 Key Findings 1 Tips 7 Stolen Access Credentials 6 Ransomware 5 Blurring Boundaries 3 Threat Snapshot 2 Apart from state-sponsored hackers conducting financially motivated campaigns and hacktivist threat actors that entered the cybercrime business, there have also been examples of hacktivist threat actors with close ties to nation-state attackers. The Cyber Army Russia Reborn (CARR), for example, is a notable pro-Russian hacktivist group active since mid-2022 that was found to have operational ties with Sandworm, a Russia-sponsored group linked to the Russian Main Intelligence Directorate (GRU). Researchers found that Sandworm has been directing and influencing the activity of CARR and believe that the CARR Telegram channel was created and controlled by SandWorm and has been used to claim responsibility and publish Sandworm’s attacks. 18 Vulnerability Intelligence Exploitation of vulnerabilities remained a top attack vector used by threat actors in 2024. Exploiting vulnerabilities can enable attackers to gain initial access to victims’ systems, allowing them to leverage this access to facilitate additional malicious activities, such as deploying malware or accessing and exfiltrating sensitive data. There has been a steady increase in the number of vulnerabilities discovered and disclosed in past years. During 2024, a total of 40,704 new vulnerabilities were disclosed. This marks an increase of 40% from 2023, when a total of 28,902 vulnerabilities were published and an increase of 62% from 2022, when only 25,081 vulnerabilities were published. 19 Vulnerability Intelligence 4 During 2024: 12 40,704 +62% +40% new vulnerabilities were disclosed from 2022 (25,081 vulnerabilities) from 2023 (28,902 vulnerabilities) 13