Interactive Report Summary

Q1 2023 Cyber Threat Report

Activity across all three tracked sectors surged in Q1 2023, a clear indication that threat actors aren’t slowing down. Learn more about the biggest threats we saw, plus get a look into the technology industry’s threat landscape, in our latest report.

Top Findings at a Glance

Malware events increase by nearly 40%
JavaScript variants a favorite tactic

Botnet activity jumped almost 60%
New botnets like NetSupport RAT emerge

Exploits more than double
Brute forcing dominates again, followed by Apache Log4j

Supply chain

Industry Spotlight: Technology

Technology companies often have broad reach, access to data and a large user base, making them a prime target for financially motivated threat actors and for those interested in stealing intellectual property.

We’ve heard a lot about supply chain attacks, and for good reason. A vendor often doesn’t adhere to the same level of cyber discipline as the company it serves, which gives adversaries an easy attack vector. A recent example is 3CX, which endured a double supply chain attack: its compromise was initiated from another software supply chain compromise.

Top technology threat actors include Lazarus Group, Kryptonite Panda, Comment Crew and UPS Team. 



How Nuspire produces its threat intelligence 

  • Nuspire collects threat intelligence and data from global sources, client devices and reputable third parties.
  • The data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.
  • Log data is ingested into Nuspire’s cloud-based SIEM, which alerts the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.
  • Analysts further scrutinize the research, scoring and tracking of existing and new threats.
  • Analysts leverage these insights to continually improve the SOC, its alerting, and the wider community through the creation of detection rules, briefs and presentations.

January through March

Q1 2023 in Review

Multiple Global Car Brands Discovered to Have API Vulnerabilities
Researchers Warn Against Zoho ManageEngine “Spray and Pray” Attacks
VMware Releases Patches for Critical Vulnerability in vRealize Log Analysis Tool
134 Million RealTek Jungle SDK Exploitation Attempts Compromise IoT Devices
Atlassian Announced Critical Jira Service Management Vulnerability
Microsoft OneNote Attachments Increasingly Used to Deliver InfoStealer RATs
Ransomware Operators Target VMware ESXi Servers
February 2023 Patch Tuesday | Microsoft Fixes 3 Actively Exploited Zero-Days
CISA Warns of Active Exploitation of ZK Java Framework Vulnerability
Fortinet Releases Advisory on Critical FortiOS Vulnerability
Microsoft’s Patch Tuesday Fixes Numerous Critical Vulnerabilities
CISA Launches Ransomware Vulnerability Warning Pilot
Emotet and Other Malware Families Shifting Tactics to OneNote Files
Supply Chain Attack Affecting 3CX Softphone Desktop Application

Let's Dive Into the Data

The record-breaking level of attacks Nuspire identified in Q4 2022 continued into Q1 2023.

Throughout Q1, JavaScript variants continued to gain steam, with activity almost doubling. The increase in this type of attack can likely be attributed to Microsoft’s default blocking of macros in Office files. In addition, we saw heightened activity of MS Excel variants, with a focus on using OneNote files to embed scripts, given Microsoft’s blocking of macros in Word and Excel files.




Two new botnets topped Nuspire’s list this quarter: NetSupport RAT and FatalRAT. Before March 2023, Nuspire had not observed any activity from the NetSupport RAT botnet. NetSupport is a legitimate tool for remote access; however, threat actors have abused the tool to:

  • Conduct real-time monitoring of devices
  • Take control of the device
  • Capture video and screenshots
  • Exfiltrate information
  • Install additional payloads

FatalRAT is one of the primary payloads used by the Purple Fox threat actor group and is often retooled in an attempt to bypass security software. 



Brute forcing again dominated as the top exploit. In a distant second place was Apache Log4j, followed by Hikvision product command injections, which doubled from Q4 2022.

Stay Vigilant

If Q1 2023 is any indication of how the rest of the year will go, security teams should be on high alert and double down on their security defenses. Download the full report to find out how you can prepare and tighten your security controls around the expected challenges highlighted by our security experts.