Nation-State Threat Actors

Russian cyber units, including the notorious Fancy Bear (APT28) and Cozy Bear (APT29), have carried out persistent cyber espionage campaigns against Ukrainian government agencies, military personnel and political institutions to steal classified information and give Russia insight into Ukrainian plans and strategies. In addition, a recent cyber operation attributed to Russia involved the leak of a Webex call, which Russia reportedly used to influence the battlefield. The call, made by the head of the German Air Force, was published by RT Networks, a Russian media outlet. According to German officials, the call was leaked by Russian hackers. During the conversation, the German official discussed sensitive topics, including the potential use of German long-range missiles by Ukraine. German authorities believe the leak was intended to create division within the German government, furthering Russia's hybrid warfare tactics. [3]

Russia was not the only nation that employed these kinds of tactics in 2024. On February 15, amid the ongoing conflict pitting Israel and Western countries against the Houthi rebels in Yemen and Iran, reports emerged that the U.S. had launched a cyberattack on an Iranian ship suspected of espionage activities. The ship was allegedly being used to track various vessels in the region and share intelligence with the Houthis. [4] While the specifics of the cyberattack remain undisclosed, various reports suggest it was aimed at disrupting the information exchange between Iran and the Houthis. These incidents show that nation-states have not ceased their cyber operations, and during 2024 several highly sophisticated cyberattacks were carried out.

One of the most notable sophisticated attacks came to light on March 29, 2024, when a Microsoft developer exposed a backdoor in XZ Utils, an open-source data compression tool used in most Linux distributions. Although the operation was detected before it had widespread impact, the sophistication of the code and the plot behind it garnered significant attention. [5] Over two years, the attackers used sock puppets, targeted social engineering and extreme patience to infiltrate the project. Another significant attack, revealed in December 2024, involved the Chinese hacking group Salt Typhoon, which breached the networks of nine U.S. telecom providers and others globally. The attackers intercepted communications between various political figures, including those of the 2024 presidential campaigns of Trump and Biden. The breach was so deep that it took months for incident responders to fully remove the attackers' access to the networks. [6]