
Over the past year, we’ve seen advanced persistent threat (APT) groups adopt new tactics, techniques, and procedures (TTPs), attackers leverage AI to increase the volume and speed of their attacks, and ransomware deployments become larger and more destructive. Below, we’ll take a look at key predictions we’ve made for 2024 and our thoughts on how these long-standing trends will evolve in 2025.
FortiGuard Labs is Fortinet’s elite cybersecurity threat intelligence and research organization. A pioneer and innovator in the security industry, FortiGuard Labs develops and deploys cutting-edge machine learning and AI technologies to provide customers with timely protection and actionable threat analytics.
APT groups are known to be highly adaptable. For example, the Stuxnet attack in 2010 marked a turning point in the sophistication of cyberwarfare, when state-sponsored APTs demonstrated their ability to disrupt physical infrastructure.
APTs are constantly changing their methods, exploiting new vulnerabilities, and remaining active despite improvements in defenses. About a third of the APT groups identified by MITRE are active. Based on FortiRecon intelligence, 38 of the 143 identified APT groups (27%) were active during the second half of 2023, including Lazarus Group, Kimusky, APT28, APT29, Andariel, and OilRig. Last year, there was a trend where some APT groups will use even more stealthy, innovative methods to launch attacks.

As APT groups continue to deepen their collaboration with cybercriminals, it is no surprise that APTs are deploying new TTPs at a record pace. For example, this summer, we observed the GrimResource attack technique combined with remote AppDomain injection, which allows attackers to inject malicious code into isolated application domains. This makes it much more difficult for traditional endpoint security tools to detect threats. APT29, for example, deploys efficient malware that is used in memory to avoid leaving traces on disk.
These examples illustrate how APT groups remain agile and innovative, creating a constant challenge for cybersecurity defenders around the world.
APT groups are groups of highly skilled hackers, often sponsored by a specific state or corporation. Their goal is to obtain sensitive data from government agencies, high-ranking individuals, or strategic companies while avoiding detection.
For many years, attackers have relied on a relatively small collection of TTPs (tactics, techniques, and procedures) that have proven successful in using these frameworks for their attacks. It was expected that attackers would expand the TTPs they use to compromise their attack targets, especially with the advent of artificial intelligence and other new technologies that aid their efforts. Indeed, the TTP playing field has widened, with attackers constantly advancing new procedural-level techniques and creating new ones. Attackers are also rapidly implementing new ways to counter the measures that many organizations have put in place for specific compromise methods.

To counter the attack methods that attackers are constantly developing to bypass standard defenses, security professionals should:
This adaptive, multi-layered approach, supported by ongoing training and the implementation of new security technologies, helps organizations remain resilient as the threat landscape evolves.
In the next article, we’ll look at the AI tools in the hands of cyberattackers. зловмисників.