Everyday is lazarus.dayβ

2023 Adversary Infrastructure Report

2024-01-10, Recordedfuture
cta-2024-1209.pdf, 5.1 MB
#TAG-46 #Trend #TAG-66 #TAG-71



By Insikt Group®
January 9, 2024

2023 Adversary
Infrastructure Report


All data in this report was sourced from the Recorded Future® Intelligence Cloud and is current as of
November 29, 2023.

Executive Summary
The prediction in our 2022 assessment that threat actors would continue the adoption of established
tooling, as well as commodity and open-source tools, was correct. Actors across the spectrum are
using tools like command-and-control (C2) frameworks, anonymization networks, remote monitoring
and management software, and legitimate internet service proxies as a matter of course. We
specifically note trends in Russian and Chinese state-sponsored malicious infrastructure, where the use
of anonymization networks and legitimate internet services is increasing. Since such tools allow
malicious activity to blend in and make attribution more difficult, we suggest network defenders
examine and improve their capabilities in detecting and stopping attacks.
The top offensive security tools observed this year include Cobalt Strike, Viper, and Meterpreter.
Remote access tools (RATs) topping the list this year are AsyncRAT, QuasarRAT, …