Figure 15: Top 10 Most Active Threat Actors in 2023
2023 was an eventful year for ransomware operators, witnessing a large increase in activity over 2022. Threat actors have continued to mix up their Tactics, Techniques, and Procedures (TTPs) as companies around the world have continued to respond to the ransomware threat. We have seen the steady and consistent activity levels of groups such as LockBit 3.0, often one of the most active TAs of each month. We have also observed groups fluctuate in their activity levels, and thus rise and fall in the ranks of the most active threat actors, and we have seen new groups rise to prominence and prior groups fall off the map.
5 groups were present in the top 10 most active TAs list for 2022 and maintained this prominence into 2023, though some like CL0P are notable for changing their position from 10th most active group in 2022 with only 57 attacks to 3rd most active group in 2023 with 404 attacks, an increase of over 700%. The scale of the increase in activity is notable; the 10th most active group of 2023, Royal with 120 attacks, would have been 5th most active in 2022 should LockBit 2.0 and 3.0 be counted together, or 6th most active should they be counted separately.
Figure 16: Top 10 Most Active Threat Actors in 2022
41
Made with FlippingBook - PDF hosting