CROSS-GROUP ANALYSIS

Threat Landscape Analysis

Comprehensive analysis of threat actor patterns, targeting trends, and risk distributions across the global cyber threat landscape.

Total Groups: 68
Avg Risk Score: 76
Critical Threats: 6
Nation States: 12

Risk Score Distribution

Critical (90+): 6 (9%)
High (80-89): 15 (22%)
Medium (70-79): 31 (46%)
Low (<70): 16 (24%)

9% of tracked groups are rated as critical threats, requiring immediate attention and comprehensive defensive measures.

Threat Actors by Nation State

North Korea: 5 groups • Avg: 83
Russia: 26 groups • Avg: 81
United States: 1 group • Avg: 81
South Korea: 1 group • Avg: 79
Vietnam: 1 group • Avg: 79
China: 12 groups • Avg: 78
United States/United Kingdom: 1 group • Avg: 78
Iran: 5 groups • Avg: 74
Unknown: 13 groups • Avg: 65
Nigeria: 1 group • Avg: 60
Malaysia: 1 group • Avg: 59
South America: 1 group • Avg: 56

Most Targeted Sectors

1. Government: 42 groups
2. Healthcare: 28 groups
3. Technology: 25 groups
4. Manufacturing: 25 groups
5. Defense: 19 groups
6. Financial Services: 13 groups
7. Energy: 13 groups
8. Education: 10 groups
9. Media: 8 groups
10. Telecommunications: 8 groups

Threat Actor Motivations

Financial Gain: 41 (60% of groups)
Espionage: 32 (47% of groups)
Sabotage: 4 (6% of groups)
Intelligence Collection: 10 (15% of groups)
Information Operations: 1 (1% of groups)
Destruction: 2 (3% of groups)
Intellectual Property Theft: 3 (4% of groups)
Surveillance: 2 (3% of groups)
Political Intelligence: 2 (3% of groups)
Insider Trading: 1 (1% of groups)
Hacktivism: 1 (1% of groups)
Pre-positioning: 1 (1% of groups)
Disruption: 1 (1% of groups)
Strategic Access: 1 (1% of groups)

Espionage remains the dominant motivation, with 32 groups primarily focused on intelligence collection. Financial motivations are increasingly common, particularly among North Korean actors.

Key Intelligence Findings

Threat Concentration

Russia and China account for the majority of tracked APT groups, with Russian actors showing higher average risk scores due to destructive capabilities demonstrated by groups like Sandworm.

Sector Targeting

Government and Defense sectors remain the primary targets, but Healthcare and Technology have seen significant increases in targeting, particularly during the COVID-19 pandemic.

Evolution Trends

Supply chain attacks and cloud infrastructure targeting have become increasingly prevalent, with APT29's SolarWinds attack representing a paradigm shift in attack methodology.