The Threat Report, February 2023

March 7, 2023

Threat actors remained formidable adversaries during the final months of 2022, and the Trellix Advanced Research Center countered by adding even more threat intelligence resources to our team of hundreds of elite security analysts and researchers.

“In other words: we’ve taken our threat intelligence to the next level. To bring calm to your SecOps chaos with simpler security. To make your security outcomes better with less stress. Threats continue to evolve. And so can you.”

In this report, we share our industry-leading lineup of which threat actors, families, campaigns, and favorite techniques were prevalent during the last quarter. But there’s more. We’ve also expanded our sources to glean data from ransomware leak sites, and security industry reports. And as Trellix resources grow, so do the categories of threat research including new sections covering Network Security, Cloud Incidents, Endpoint Incidents, and Security Operations.

Since our last threat report, the Advanced Research Center engaged with research and findings across the globe including Gamaredon’s link to greatly increased cyberattacks targeting Ukraine in Q4, patching 61,000 vulnerable open-source projects, and releasing insights into the new year’s novel attacks with its 2023 Threat Predictions.

The following overview gleaned from these threat report improvements are examples of how the Advanced Research Center works to better enable customers and the security industry to realize better threat outcomes:


  • Breakout research on LockBit 3.0’s prominence as Q4’s most impactful ransomware group
  • Ransomware’s continued prevalence across the globe, especially in the United States
  • Ransomware targeting of sectors including Industrial Goods & Services

Nation States

  • Nation states targeting sectors including Government and Transportation & Shipping
  • Companies based in the United States impacted by nation-state activity

Living Off the Land (LOLBIN)

  • Expanded insights into Cobalt Strike in the wild using Trellix Advanced Research Center’s hunting methodology
  • The high number of Cobalt Strike Team servers hosted at Chinese Cloud providers
  • Windows Command Shell accounting for almost half of the top-10 most prevalent OS Binaries used in the reported campaigns…
Price: FREE

About the Provider

Trellix is a global company redefining the future of cybersecurity. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix’s security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning and automation to empower over 40,000 business and government customers.v


Cyberattacks, Cybersecurity, Threat Landscape, vulnerabilities