Based on a Palo Alto Networks analysis of victims between mid-2023 and mid-2024, the manufacturing sector was most impacted, followed by transportation and logistics, wholesale and retail, insurance, pharma, and healthcare.
APT and cybercriminal tactics are usually incompatible
The mixture of cyberespionage and ransomware activities is not unheard of, but it is a rare occurrence because these operations typically have competing goals that require different approaches. The goal of cyberespionage is intelligence collection, so remaining undetected in the victim’s network for as long as possible is a priority. Meanwhile, the data encryption part of ransomware attacks is highly visible, immediately giving away the attacker’s presence.
However, there have been cases where intelligence agencies have contracted, or forced, private hackers to do their bidding in exchange for protection from prosecution or other privileges. This has resulted in cases where some threat groups appeared to engage in both cyberespionage and financial crimes at the same time. And even though those operations were kept separate, there was an inevitable overlap of toolsets and tactics.