2022 Year in Review
ID: 7dbbf18a-77ee-54d3-998f-de3866a5c78f
STIX ID: report--7dbbf18a-77ee-54d3-998f-de3866a5c78f
Feed Name: The DFIR Report
### Executive summary

This report provides a data-driven overview of 2022 intrusion activity, highlighting the prevalence of phishing-driven initial access, the shift from macro-based attachments to ISO/ZIP+LNK delivery, widespread use of Cobalt Strike and remote access tools (AnyDesk, Atera), common privilege-escalation and credential-theft techniques (LSASS dumps, Mimikatz, Kerberoasting), and observed exfiltration methods (Rclone, web shells). It also lists detection artifacts such as JA3 hashes and Suricata/Sigma rules to aid defenders.
