General Industry Update

March saw the continued prominence of state-sponsored cybersecurity threats, as both China and Russia featured in significant breaches.

The United States and the United Kingdom each formally accused Chinese state-linked hackers of conducting “malicious” cyber campaigns against political targets, escalating diplomatic tensions with Beijing.

British Deputy Prime Minister Oliver Dowden implicated these hackers in a breach of the U.K.’s Electoral Commission, alleging that the attacks (which occurred in 2021 and 2022) aimed at the commission and parliamentarians were orchestrated by China-affiliated hacker group APT31.

In a parallel move, the U.S. Justice Department announced indictments against seven Chinese nationals, identifying them as members of the APT31 group. These individuals are accused of a prolonged 14-year cyber espionage campaign targeting U.S. businesses, government officials, political figures, and international critics of China.

Both the U.K. and U.S. statements intensify scrutiny of China’s cyber activities, suggesting a coordinated response to what is seen as a persistent threat to Western democratic institutions and economic interests. The Chinese Embassy in the U.K., however, dismissed the allegations as “completely fabricated and malicious slanders,” denying any involvement in the cyberattacks.¹

Likewise, Microsoft is facing ongoing security concerns as Russian state-sponsored hackers, identified as the same group responsible for the SolarWinds attack, have breached its systems. Initially spying on senior leadership’s email accounts, the hackers have now stolen some of Microsoft’s source code, marking this attack an ongoing threat.

The breach includes unauthorized access to source code databases and internal systems, though Microsoft assures users there was no evidence of compromise to customer-facing systems. Dubbed “Midnight Blizzard” by Microsoft, the group (also known as Nobelium) aims to exploit information they’ve obtained to further infiltrate Microsoft and potentially its customers.

Nobelium gained initial access through a password spray attack, leveraging a vast array of potential passwords against internal Microsoft accounts. Microsoft acknowledges a security lapse in a non-production test tenant account lacking two-factor authentication, facilitating Nobelium’s entry. The extent of the stolen source code remains undisclosed.²

Company Specific Updates

Zscaler Inc

Zscaler finalized the acquisition of Israeli AI-enhanced data security startup Avalor in March in a cash-and-stock deal worth approximately $310 million. The move comes as part of Zscaler’s strategy to bolster its cloud security offerings through innovative technology acquisition.

Avalor, supported by Salesforce Ventures, utilizes artificial intelligence to analyze data for security insights, a feature deemed advantageous for Zscaler’s corporate clientele. Zscaler, actively seeking startups with fresh security approaches, anticipates Avalor’s data analysis methods will enhance its security capabilities significantly.

The acquisition aligns with a trend of Israeli startup acquisitions, with notable recent purchases by Palo Alto Networks Inc., Crowdstrike Holdings Inc., and CheckPoint. Avalor’s CEO Raanan Raz expressed confidence in the integration, highlighting Zscaler’s abundant data as a perfect fit for Avalor’s analytical prowess.


The deal underscores Zscaler’s commitment to innovation in cybersecurity within a dynamic market landscape.³

Crowdstrike Holdings Inc

CrowdStrike announced in March its agreement to acquire Flow Security, the cybersecurity industry’s pioneer in cloud data runtime security solutions. By integrating Flow Security’s capabilities into its Falcon XDR platform, CrowdStrike aims to redefine data security posture management (DSPM) by safeguarding data in all states—whether at rest or in motion—across endpoint and cloud environments.

The acquisition underscores CrowdStrike’s commitment to innovation in cloud security, aiming to protect data as it traverses various platforms, including cloud, on-premise, and within applications. With this strategic move, CrowdStrike aims to consolidate cloud point solutions, offering customers comprehensive visibility into data flows and enhanced protection against data breaches.

CrowdStrike’s acquisition of Flow Security reinforces its position as a frontrunner in cloud security and seeks to empower customers to safeguard their entire cloud estate efficiently.⁴

Also in March, CrowdStrike reported robust earnings, surpassing both revenue and earnings expectations for the period ending January 31. CrowdStrike achieved revenue of $845 million, beating the expected $839 million, and net income of $54 million, up significantly from a $48 million loss in the same period last year. The company has now reported GAAP net income for four consecutive quarters. CrowdStrike anticipates fiscal first-quarter revenue between $902 million and $906 million. The company also reiterated its ambition to achieve $10 billion in annual recurring revenue by 2030, having reached $3.4 billion in January.⁵

CYBR ETF: Diversified Investing in Cybersecurity

A cybersecurity ETF offers a great alternative to gaining exposure to this industry without being locked into any single security and without the hassle of hand-picking individual stocks. ETFs allow you to diversify by investing in multiple companies in multiple markets, ensuring that a single market shock won’t tank your portfolio.

Canada’s first cybersecurity ETF, Evolve Cyber Security Index Fund (TSX Ticker: CYBR), invests in global companies involved in the cybersecurity industry. For more information, visit the fund page here:

Portfolio Strategy and Activity

For the month, Darktrace PLC made the largest contribution to the Fund, followed by Trend Micro Inc and Check Point Software Technologies Ltd. The largest detractors to performance for the month were Zscaler Inc, followed by SentinelOne Inc and Palo Alto Networks Inc.



  1. Browne, R., “U.S. and Britain accuse China-linked hackers of ‘malicious’ cyber campaigns, announce sanctions,” CNBC, March 25, 2024;
  2. Warren, T., “Microsoft says Russian hackers stole source code after spying on its executives,” The Verge, March 8, 2024;
  3. Roof, K., “Zscaler Buys Israeli AI-Enhanced Data Security Startup Avalor,” Bloomberg, March 14, 2024;
  4. “CrowdStrike to Acquire Flow Security to Expand Its Cloud Security Leadership with Data Security Posture Management (DSPM),” CrowdStrike, March 5, 2024;
  5. Goswami, R., “CrowdStrike shares surge on earnings beat, strong full-year guidance,” CNBC, March 5, 2024;

Header image source: Getty Images Credit: BeeBright

The contents of this blog are not to be used or construed as investment advice or as an endorsement or recommendation of any entity or security discussed. These contents are not an offer or solicitation of an offer or a recommendation to buy or sell any securities or financial instrument, nor shall it be deemed to provide investment, tax or accounting advice. The information contained herein is intended for informational purposes only.
Commissions, management fees and expenses all may be associated with exchange traded funds (ETFs) and mutual funds (funds). Please read the prospectus before investing. ETFs and mutual funds are not guaranteed, their values change frequently, and past performance may not be repeated. There are risks involved with investing in ETFs and mutual funds. Please read the prospectus for a complete description of risks relevant to ETFs and mutual funds. Investors may incur customary brokerage commissions in buying or selling ETF and mutual fund units.
Certain statements contained in this blog may constitute forward-looking information within the meaning of Canadian securities laws. Forward-looking information may relate to a future outlook and anticipated distributions, events or results and may include statements regarding future financial performance. In some cases, forward-looking information can be identified by terms such as “may”, “will”, “should”, “expect”, “anticipate”, “believe”, “intend” or other similar expressions concerning matters that are not historical facts. Actual results may vary from such forward-looking information. Evolve Funds undertakes no obligation to update publicly or otherwise revise any forward-looking statement whether as a result of new information, future events or other such factors which affect this information, except as required by law.

Tags Crowdstrike  cyberattack  CYBR etf  Hackers  Microsoft  Palo Alto Networks  state-sponsored hacking  zscaler