Cyber threats in the first half of 2023 were analyzed in a recent Deep Instinct report. The report found that more victims were affected by ransomware in the first half of 2023 than in the entirety of 2022.  

Additionally, threat actors continue to leverage Ransomware as a Service (RaaS) to execute their attacks. From the launch of LockBit’s affiliate program to new languages featured within BlackCat’s latest family, the impact and scale that RaaS offers ransomware gangs have proven successful.

Russia has become one of the leading threat actors in the world, according to the report. After several cyberattacks in 2022, including on Ukrainian government websites, organizations and companies, several Russian groups such as Sandworm, Callisto and Gamaredon continued their campaigns against the Eastern European nation in H1 2023.

Beyond Russia, the report identified a new command-and-control (C2) framework, named PhonyC2, which has been used by the Iran-based MuddyWater group since at least 2021. The threat lab also observed and analyzed a previously undocumented and undetected new variant of BPFdoor by Red Menshen, a Chinese threat actor.

According to the report, the first half of 2023 saw the rise of powerful Large Language Models (LLMs). Cybercriminals took advantage of ChatGPT and other AI-based alternatives by using various jailbreaking guides in underground forums to build their own LLMs for attacks, including WormGPT. Additionally, threat actors began abusing non-existent libraries suggested by ChatGPT, infiltrating those recommendations with malicious capabilities.
