In 2024, nation-state cyber exercise was off the charts, with Chinese language, Russian, and Iranian actors main the cost. Their campaigns weren’t simply relentless — they have been modern, utilizing a artful mixture of Ways, Strategies, and Procedures (TTPs) to realize footholds, keep hidden, and spy-like professionals.
“There was undoubtedly a continued and famous uptick in nation-state exercise in 2024,” stated Chris Hughes, a cyber innovation fellow on the US authorities’s Cybersecurity Infrastructure and Safety Company (CISA). “A few of the largest actions in 2024 included from Chinese language APTs, akin to Volt Storm and Salt Storm.”
No single TTP was the primary participant by itself. As an alternative, they labored collectively (typically mutually inclusive) like puzzle items, every enjoying a task within the larger image. One actor, for instance, would possibly deploy spear-phishing to realize entry, exploit zero days for privilege escalation, and use wiper malware to cowl their tracks — all in the identical marketing campaign.
