Underground Threat Activity Report 

Underground Threat Activity Report - 2022


Underground forums have always been a hub for Threat Actor activities. Whether it is info-sharing, collaboration on attacks, or even advertising their services and affiliate programs, Cybercrime forums are the primary medium used by Threat Actors.

In our Underground Threat Activity report, you will find detailed analyses of cyberforum activities that we have observed over the past year, from emerging trends and cybercrime statistics to TTPs employed by TAs across several industries. You can also find our recommendations to mitigate the impact of these attacks, as well as our predictions for the evolution of the threat landscape and emerging threats that we may see in the future.

Key takeaways from our report include:

  • Phishing-as-a-Service(PaaS), Ransomware-as-a-Service (RaaS), Bulletproof Hosting, Fast Flux Services, and EV Code Signing services gaining traction in underground forums
  • The role of Initial Access brokers in Ransomware attacks and their close ties to known ransomware groups
  • We foresee cybercriminals modifying their techniques to mass-market their exploits and data breaches through this new medium
  •  We anticipate that FinTech, E-commerce, Energy, Telecom, and Semi-Conductor organizations may witness higher threats, in line with the trends observed in 2022
  • Threat activities targeting Critical Infrastructure due to mass-exploiting techniques and tools emanating from cybercrime forums are likely to increase 
  • Threat activities impacting entities in Asia, North America, and Latin America were observed to be widely distributed in underground forums
  • Threat Actors like Bjorka, IntelBroker, shadowhacker, kelvinsecurity, and GhostSec were observed to be predominantly active in the underground

 And more. 

Download the report now!

Get the Underground Threat Activity Report