Threat Reports

The period from April through September 2024 saw a number of interesting developments that relate to APT groups and were documented by ESET researchers. These include an expansion in targeting by China-aligned MirrorFace that now also targets diplomatic organization in the EU and indications that Iran-aligned groups might be leveraging their cyber-capabilities to support diplomatic espionage and, possibly, kinetic operations. Meanwhile, North Korea-aligned bad actors persisted in their attacks on defense and aerospace companies in Europe and the US, as well as on think tanks, NGOs, and cryptocurrency developers.

In the H1 2024 Threat Report, the ESET research team reviews the main trends and developments shaping the threatscape from December 2023 to May 2024. Infostealers, for example, increasingly impersonated generative AI tools while cracked video games and cheating tools were often laden with RedLine Stealer and Lumma Stealer. The period under review also painted a dynamic landscape of Android financial threats and saw a number of interesting developments on the ransomware scene and in other corners of the threat landscape.

This report looks at notable operations of selected APT groups from October 2023 to March 2024, which are representative of the broader trends and developments on the threat landscape as investigated by ESET researchers in Q4 2023 and Q1 2024. This period saw a significant increase in activity from Iran-aligned threat groups while several China-aligned bad actors exploited vulnerabilities in public-facing appliances and Russia-aligned groups focused on espionage within the European Union and attacks on Ukraine.

This issue of ESET's Threat Report provides an overview of the top threats and trends as observed by our experts from June to November 2023. Among other things, it highlights a number of notable developments on the threat landscape, including campaigns that target users of tools like ChatGPT, a significant increase in Android spyware cases, and new strategies on the ransomware scene.

This issue of the report summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from April 2023 until the end of September 2023. In the monitored timespan, we observed a notable strategy of APT groups utilizing the exploitation of known vulnerabilities, including in WinRAR, Microsoft Exchange servers and IIS servers, to exfiltrate data from governmental entities or related organizations.

The H1 2023 issue of ESET Threat Report reviews the key trends and developments that shaped the threat landscape between December 2022 and May 2023. Among other findings, it shows that cybercriminals have remarkable adaptability and relentlessly pursue new avenues to achieve their nefarious goals – be it through exploiting vulnerabilities, gaining unauthorized access, compromising sensitive information, or defrauding individuals. Importantly, this issue also includes design improvements and features a new approach to data presentation.

What were some of the world's most notorious APT groups up to from October 2022 to March 2023? As this report shows, several China-aligned threat actors such as Ke3chang and Mustang Panda focused on European organizations, targeting them with new malicious wares. Meanwhile, Iran-aligned group OilRig deployed a new custom backdoor in Israel. North Korea-aligned groups continued to focus on South Korean and South Korea-related entities. Russia-aligned APT groups were especially active in Ukraine and EU countries, with Sandworm deploying wipers.

This issue of ESET's Threat Report reviews the key developments that defined the threat landscape in the final four months of 2022. Russia's war on Ukraine continued to impact everything from global economy to cyberspace, where the ransomware scene in particular went through major shifts, all while RDP attacks took a nosedive. This, of course, barely scratches the surface of what the report reveals. Additionally, the report highlights some of the key findings by ESET researchers in late 2022.

This issue of the ESET APT Activity Report reviews the activities of selected APT groups as observed, investigated, and analyzed by ESET researchers from September to December 2022. Russia-aligned APT groups continued to be particularly involved in operations targeting Ukraine, deploying destructive wipers and ransomware. For example, we detected the infamous Sandworm group using a previously unknown wiper against an energy sector company in Ukraine.