CrowdStrike 2023 Global Threat Report

From relentless adversaries to resilient businesses

2022 was a year of explosive, adaptive and damaging threats. Adversaries continue to be relentless in their attacks as they become faster and more sophisticated. CrowdStrike’s 2023 Global Threat Report uncovers notable themes, trends and events across the cyber threat landscape, including:


newly named adversaries in 2022


total adversaries tracked by CrowdStrike


increase in cloud exploitation


increase in access broker ads on the dark web

84 minutes average eCrime breakout time


of attacks were malware-free

Read the CrowdStrike 2023 Global Threat Report

The must-read cybersecurity report of 2023

Download Now

Key report insights

Adversaries Increase Speed and Sophistication

eCrime adversaries proved relentless in 2022 with faster and more complex operations. The average eCrime breakout time is now 84 minutes, and 71% of attacks CrowdStrike Intelligence detected were malware-free.

Access Broker Boom Accelerated in 2022

Access brokers are threat actors who acquire credentials and access to organizations, then provide or sell this access to other actors, including ransomware operators. The number of their ads increased 112% compared to 2021. This spike, along with an increase in social engineering attacks, highlights why identity threat protection is critical to stopping breaches.

China Dominates Cyber Espionage Landscape

CrowdStrike Intelligence tracks China-nexus adversaries as the most active targeted intrusion groups. In 2022, they were observed targeting nearly all 39 global industry sectors and 20 geographic regions CrowdStrike tracks.

Cloud is in the Crosshairs

Cloud exploitation grew by 95% in 2022 as CrowdStrike Intelligence observed a nearly 3x increase in "cloud-conscious" threat actors. Adversary techniques continue to grow more sophisticated for initial access, lateral movement, privilege escalation, defense evasion and data collection.

Vulnerability Reuse Makes Patching a Priority

Adversaries continue to exploit vulnerabilities with greater sophistication, seeking ways to bypass mitigations to target the same vulnerable components multiple times. The architectural weaknesses in legacy technology create systemic risk for organizations that rely on these older systems and are increasingly vulnerable to attacks.