{ "id": "0f6166c9-e27a-4cf0-9bc5-bfb685dc1bb5", "created_at": "2026-04-06T00:22:33.299492Z", "updated_at": "2026-04-10T03:31:32.090884Z", "deleted_at": null, "sha1_hash": "278d8141e67daaead155431e6a37277e4a2a3772", "title": "Cyberattacks against governments jumped 95% in last half of 2022, CloudSek says", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 55315, "plain_text": "Cyberattacks against governments jumped 95% in last half of\r\n2022, CloudSek says\r\nBy by Apurva Venkat Special Correspondent\r\nPublished: 2023-01-04 · Archived: 2026-04-05 12:47:51 UTC\r\nIndia, the US, Indonesia, and China accounted for 40% of the total reported\r\ncyberattacks in the government sector.\r\nThe number of attacks targeting the government sector increased by 95% worldwide in the second half of 2022\r\ncompared to the same period in 2021, according to a new report by AI-based cybersecurity company CloudSek. \r\nThe increase in attacks can be attributed to rapid digitization and the shift to remote work during the pandemic,\r\nwhich broadened the attack surface of government entities and paved the way for an increase in cyberwarfare\r\nwaged by nation-state actors, according to the report.\r\nGovernment agencies collect and store huge amounts of data, which include information about individual citizens\r\nthat can be sold on the dark web. There is also a risk that national security and military data can be used by\r\nterrorist organizations. \r\nIncrease in hacktivism and ransomware\r\nIn 2022 there was an increase in so-called hacktivist activity — hacking for political purposes — which accounted\r\nfor about 9% of the recorded incidents reported in the government sector. Ransomware groups accounted for 6%\r\nof the total incidents reported. LockBit was the most prominent ransomware operator, the report noted. \r\nThe number of government-sponsored attacks has also multiplied. This increase is due to the advent of offerings\r\nsuch as initial-access brokers and ransomware-as-a-service. \r\n“These statistics are suggestive of the fact that cyberattacks in this particular industry are no longer limited to\r\nfinancial gains; rather, they are now used as a means to express support or opposition for certain political,\r\nreligious, or even economic events and policies,” the report said. \r\n“Threat actors have started developing and advertising services of dedicated criminal infrastructure which can be\r\nbought by governments or individuals and used for various nefarious purposes,” the report added.\r\nMeanwhile, the average total cost of a breach in the public sector increased from $1.93 million to $2.07 million —\r\na 7.25% increase between March 2021 and March 2022 — according to IBM.\r\nKelvinSecurity, AgainstTheWest are most prominent threat actors\r\nhttps://www.csoonline.com/article/3684668/cyberattacks-against-governments-jumped-95-in-last-half-of-2022-cloudsek-says.html\r\nPage 1 of 3\n\nKelvinSecurity and AgainstTheWest were the two most prominent threat actors last year, according to Cloudsek.\r\nThe two groups were the most prominent in 2021 as well. \r\nKelvinSecurity, operating under the handle Kristina, uses targeted fuzzing and exploits common vulnerabilities to\r\ntarget victims. The group shares their tools for free and targets victims with common underlying technologies or\r\ninfrastructure. The group publicly shares information such as new exploits, targets, and databases on cybercrime\r\nforums and Telegram. They also have a data-leak website where other threat actors can share databases, the\r\nCloudSek report notes. \r\nAgainstTheWest started operations in October 2021 and identifies itself as APT49 or BlueHornet. It is focused on\r\nexfiltrating region-specific data and selling it on the dark web. The group has launched campaigns such as\r\nOperation Renminbi, Operation Ruble, and Operation EUSec, which targeted various countries. They also\r\ncollaborate with different threat actors. \r\n“A confidential source in contact with the group ascertained that the group was exploiting SonarQube zero-day\r\nand Swagger UI vulnerabilities,” the CloudSek report noted. SonarQube is an open-source tool by SonarSource\r\nthat automates code inspections; Swagger is a set of tools for API developers from SmartBear Software.\r\nIndia, US, and China are most affected\r\nIndia, the US, Indonesia, and China continued to be the most targeted countries in the past two years, accounting\r\nfor 40% of the total reported incidents in the government sector. \r\nThe attacks on the Chinese government were mainly attributed to APT groups. AgainstTheWest’s campaign\r\nOperation Renminbi was responsible for almost 96% of attacks against China, the report noted. The operation\r\nbegan as retaliation for China’s activities against Taiwan and the Uyghur community. Allegations that China was\r\nresponsible for the outbreak of the pandemic also contributed to the increase in attacks. \r\nThe Indian government was the most frequently targeted in 2022 due to the hacktivist group Dragon Force\r\nMalaysia’s #OpIndia and #OpsPatuk campaigns. Several hacktivist groups joined and supported these campaigns,\r\nwhich led to further attacks. Government agencies in India have become popular targets of extensive phishing\r\ncampaigns, the report noted. \r\nAfter Russia attacked Ukraine, several state-sponsored actors and activists showed their support for Ukraine by\r\nattacking Russia. Attacks against Russia increased by over 600% during the year, as the Russian government\r\nbecame the fifth most targeted public sector in 2022.\r\nTo prevent future attacks government agencies need to shift to a zero-trust model, wherein it is assumed that the\r\nuser identities or the network itself may already be compromised, proactively verifying the authenticity of user\r\nactivity, CloudSek noted.\r\nSUBSCRIBE TO OUR NEWSLETTER\r\nFrom our editors straight to your inbox\r\nGet started by entering your email address below.\r\nhttps://www.csoonline.com/article/3684668/cyberattacks-against-governments-jumped-95-in-last-half-of-2022-cloudsek-says.html\r\nPage 2 of 3\n\nSource: https://www.csoonline.com/article/3684668/cyberattacks-against-governments-jumped-95-in-last-half-of-2022-cloudsek-says.html\r\nhttps://www.csoonline.com/article/3684668/cyberattacks-against-governments-jumped-95-in-last-half-of-2022-cloudsek-says.html\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "Malpedia" ], "references": [ "https://www.csoonline.com/article/3684668/cyberattacks-against-governments-jumped-95-in-last-half-of-2022-cloudsek-says.html" ], "report_names": [ "cyberattacks-against-governments-jumped-95-in-last-half-of-2022-cloudsek-says.html" ], "threat_actors": [ { "id": "05b0c294-6e79-4d58-8291-73d2c1c7d9bd", "created_at": "2024-06-25T02:00:05.048321Z", "updated_at": "2026-04-10T02:00:03.665219Z", "deleted_at": null, "main_name": "BlueHornet", "aliases": [ "APT49", "AgainstTheWest" ], "source_name": "MISPGALAXY:BlueHornet", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "63f532e6-4b4a-4f17-bbff-8517f0dd1868", "created_at": "2024-01-09T02:00:04.192588Z", "updated_at": "2026-04-10T02:00:03.507424Z", "deleted_at": null, "main_name": "KelvinSecurity", "aliases": [], "source_name": "MISPGALAXY:KelvinSecurity", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434953, "ts_updated_at": 1775791892, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/278d8141e67daaead155431e6a37277e4a2a3772.pdf", "text": "https://archive.orkl.eu/278d8141e67daaead155431e6a37277e4a2a3772.txt", "img": "https://archive.orkl.eu/278d8141e67daaead155431e6a37277e4a2a3772.jpg" } }