The manufacturing sector is heavily targeted, with 82 of 255+ tracked adversaries focusing on it. It was the third most attacked industry by interactive intrusions in 2024 and the second most targeted by access brokers, with intrusion frequency rising 57% year-over-year. Adversaries exploit valid credentials, use hands-on-keyboard techniques, and apply cross-domain tradecraft to persist and exfiltrate data. Key groups include PUNK SPIDER, behind Akira ransomware and extortion; RECESS SPIDER, operators of PLAY ransomware exploiting OWASSRF for remote execution; and BITWISE SPIDER, developers of LockBit ransomware and StealBIT, relying on brute-forcing and supply chain compromises.

Join for free to read