The first quarter of 2022 was marked by repeated ransomware strikes, geopolitical conflict and governmental action to protect users from cybersecurity threats.

A report from Kroll, "Q1 2022 Threat Landscape: Threat Actors Target Email for Access and Extortion," outlined top cyber incidents that occurred in the past quarter.

Below, Security magazine covers each of the cyber threat events, from the effects of the Russian invasion of Ukraine to new developments in ransomware attacks.

1. Russian government arrests REvil ransomware gang members

January 14, 2022

The Russian Federal Security Service (FSB) announced that it had arrested over a dozen threat actors connected to the REvil ransomware group in early 2022. Security leaders weigh in on the arrests in the above article.

2. U.S. launches "Shields Up" initiative, anticipating Russian cyberattacks

February 14, 2022

The Russian invasion of Ukraine was preceded by cyberattacks targeting critical infrastructure and government agencies in Ukraine. In February 2022, the Cybersecurity and Infrastructure Security Agency (CISA) released a series of recommendations for U.S. enterprise organizations to protect themselves from potential cyberattacks.

3. RaidForums dismantled by international security operation

February 25, 2022

A popular dark web forum was seized during Operation Tourniquet, conducted by Europol, U.S. law enforcement and international agencies. RaidForums was previously used to facilitate the sale of stolen credentials and data.

4. Chats, source code leaked from Conti ransomware group

February 28, 2022

Over 60,000 messages were leaked from the Conti ransomware group's Jabber server, revealing insights into how the ransomware group operates. According to the Kroll report, the leak represented the most in-depth view into ransomware group operations in history.

5. Lapsus$ ransomware group targets large corporations

March 22, 2022

Lapsus$ has executed multiple breaches of high-level companies, with T-Mobile, Nvidia and Okta among the victims. The cyber extortion group compromises targets via leaked credentials and insider threats, according to the report.

"While 2021 will be remembered as the year of the vulnerability, 2022, particularly the first quarter, will go down as the year that threat actor groups such as ransomware gangs harnessed those vulnerabilities to launch more destructive attacks," said Laurie Iacono, Associate Managing Director in Kroll’s Cyber Risk practice.

"For instance, while most activity around Log4j exploitation in Q4 2021 revolved around cryptominers, threat actors from multiple ransomware gangs leveraged the vulnerability to set the stage for network encryption in Q1 2022."

