Threat Research

Uptycs Quarterly Threat Bulletin - Q4 2023

Issue #10 | January 2024

In Q4 2023, our focus zeroes in on significant cybersecurity incidents and trends. The quarter witnessed the aggressive exploitation of the Apache ActiveMQ vulnerability by cybercriminals, predominantly to deploy HelloKitty ransomware.

Malware Prevalence Trends:

Windows: The dominant malware strains were Amadey, AgentTesla, and RedLine.
Linux: Mirai and Gfagyt marked their significant presence.
macOS: Bundlore maintained its ongoing activity.

Utility Abuse Insights:

Windows: Rundll32.exe, a LOLBin, was notably the most exploited utility.
Linux: Crontab utility saw the highest misuse.
macOS: OpenSSL and curl were primarily manipulated by Bundlore malware.

The quarter also spotlighted the LockBit ransomware group as the foremost active entity, with Clop, Play, and BlackCat also making significant moves. Additionally, notable activities were observed from threat actors such as Lazarus Group, SideWinder, Kimsuky, Arid Viper, and APT29, marking a quarter dense with cybersecurity challenges.