CrowdStrike 2023
Global Threat Report

Download report

From relentless adversaries
to resilient businesses

2022 was a year of explosive, adaptive and damaging threats. Adversaries continue to be relentless in their attacks as they become faster and more sophisticated. CrowdStrike’s 2023 Global Threat Report uncovers notable themes, trends and events across the cyber threat landscape, including:

C06AC675-D7D8-4631-928B-BCBEF3AD357F Created with sketchtool.

33

newly named adversaries in 2022

200+

total adversaries tracked by CrowdStrike

9E7D1B88-919F-4358-93D7-971A01D4BCD1

95%

increase in cloud exploitation

112%

increase in access broker ads on the dark web

84 minutes

average eCrime breakout time

71%

of attacks were malware-free

Read the CrowdStrike 2023 Global Threat Report

The must-read cybersecurity report of 2023

Download Now

Read the CrowdStrike 2023 Global Threat Report

The must-read cybersecurity report of 2023

Download Now

Key report insights



Adversaries Increase Speed
and Sophistication

eCrime adversaries proved relentless in 2022 with faster and more complex operations. The average eCrime breakout time is now 84 minutes, and 71% of attacks CrowdStrike Intelligence detected were malware-free.

Get endpoint security and XDR
Access Broker Boom Accelerated in 2022

Access brokers are threat actors who acquire credentials and access to organizations then provide or sell this access to other actors, including ransomware operators. The number of their ads increased 112% compared to 2021. This spike, along with an increase in social engineering attacks, highlight why identity threat protection is critical to stopping breaches.

Get identity protection
China Dominates Cyber Espionage Landscape

CrowdStrike Intelligence tracks China-nexus adversaries as the most active targeted intrusion groups. In 2022, they were observed targeting nearly all 39 global industry sectors and 20 geographic regions CrowdStrike tracks.

Get threat intelligence
Cloud is in the Crosshairs

Cloud exploitation grew by 95% in 2022 as CrowdStrike Intelligence observed a nearly 3x increase in "cloud-conscious" threat actors. Adversary techniques continue to grow more sophisticated for initial access, lateral movement, privilege escalation, defense evasion and data collection.

Get cloud security
Vulnerability Reuse Makes Patching a Priority

Adversaries continue to exploit vulnerabilities with greater sophistication, seeking ways to bypass mitigations to target the same vulnerable components multiple times. The architectural weaknesses in legacy technology create systemic risk for organizations that rely on these older systems and are increasingly vulnerable to attacks.

Get vulnerability management

Know them. Stop them.

Explore the Adversary Universe to learn how the world’s most dangerous threat actors are targeting organizations like yours.

Know them. Stop them.
Slippy Spider
Known for high-profile data theft
and extortion activity
Know them. Stop them.
Scattered Spider
Employed several techniques to bypass MFA and maintain access
Know them. Stop them.
Ember Bear
The public face of destructive
operations in Ukraine
Know them. Stop them.
Gossamer Bear
Consistently deployed phishing
operations to gather intelligence
Know them. Stop them.
Bitwise Spider
Ran the most prolific big game
hunting operation of 2022
Know them. Stop them.
Ethereal Panda
Highly proficient in persistence and
defense evasion

Related Resources