December 2023

This report summarizes threat landscape trends seen in ESET telemetry and from the perspective of ESET threat detection and research experts, from June 2023 through November 2023.

The second half of 2023 witnessed significant cybersecurity incidents. Cl0p, a notorious cybercriminal group known for carrying out ransomware attacks on a major scale, garnered attention through its extensive “MOVEit hack”, which surprisingly did not involve ransomware deployment. The attack targeted numerous organizations, including global corporations and US governmental agencies.

In the IoT landscape, ESET researchers have made a notable discovery. They have identified a kill switch that had been used to successfully render the Mozi IoT botnet nonfunctional. It is worth mentioning that the Mozi botnet is one of the largest of its kind we have monitored over the past three years. The nature of Mozi’s sudden downfall raises the question of whether the kill switch was used by the botnet creators or Chinese law enforcement.

Amidst the prevalent discussion regarding AI-enabled attacks, we have identified specific campaigns targeting users of tools like ChatGPT. We also noticed a considerable number of attempts to access malicious domains with names resembling “chapgpt”, seemingly in reference to the ChatGPT chatbot. Threats encountered via these domains also include web apps that insecurely handle OpenAI API keys, emphasizing the importance of protecting the privacy of your OpenAI API keys.

We have also observed a significant increase in Android spyware cases, mainly attributed to the presence of the SpinOk spyware. This malicious software is distributed as a software development kit and is found within various legitimate Android applications. On a different front, one of the most recorded threats in H2 2023 is three-year-old malicious JavaScript code detected as JS/Agent, which continues to be loaded by compromised websites.

More insights can be found in the report. Feel free to download it and learn more!