The report summarizes the activities of the APT groups in the period October 2023 March 2024
ESET, a global European leader in the cybersecurity market, has published l’ESET APT Activity Report, which summarizes the most relevant activities of groups specialized in Advanced Persistent Threats (APTs), which were documented between October 2023 and the end of March 2024. The highlighted activities are representative of the broader threat landscape that ESET Research has analyzed in this period, and illustrate key trends and developments. Following the Hamas attack on Israel in October 2023 and during the ongoing conflict in Gaza, ESET detected a significant increase in activity from Iran-aligned APT groups. Pro-Russian groups have focused their activities on espionage within the European Union and attacks on Ukraine. On the other hand, several China-aligned threat actors have exploited vulnerabilities in publicly available devices, such as VPNs and firewalls, and software, such as Confluence and Microsoft Exchange Server, to gain initial access to targets in several verticals. Groups close to North Korea continued to target aerospace and defense companies and the cryptocurrency industry.
"Most of the campaigns have targeted government organizations and certain vertical sectors, for example those subject to continuous and relentless attacks on Ukrainian infrastructure. Europe has seen a more diverse range of attacks by various threat actors. Russia-aligned groups have strengthened their focus on espionage in the European Union, where pro-China threat actors also maintain a substantial presence, demonstrating continued interest in European affairs from both Russia- and China-aligned groups," it says Jean-Ian Boutin, Director of Threat Research di ESET.
Based on the data leak from the Chinese security services company I-SOON (Anxun), ESET Research can confirm that this company is indeed involved in cyberespionage. ESET monitors part of the company's activities under the FishMonger group. In this latest report, ESET also presents a new China-aligned APT group, CeranaKeeper, which stands out for its unique traits, but may be related to the Mustang Panda group.
Regarding Iran-aligned threat groups, MuddyWater and Agrius have shifted from their previous focus on cyberespionage and ransomware to more aggressive strategies involving access brokering and impact attacks. Meanwhile, OilRig and Ballistic Bobcat operations have declined, suggesting a strategic shift towards more overt and “noisy” operations targeting Israel.
As for Russia-aligned activities, the Operation Textonto campaign, a disinformation and psychological operation (PSYOP) discovered by ESET researchers, spread false information about Russian election-related protests and the situation in the eastern Ukrainian metropolis of Kharkiv, fueling uncertainty among Ukrainians domestically and internationally.
The report also describes the exploitation of a zero-day vulnerability in Roundcube by Winter Vivern, a group that ESET claims is aligned with Belarus' interests. Additionally, ESET highlights a campaign in the Middle East led by SturgeonPhisher, a group that ESET researchers believe is aligned with Kazakhstan.
ESET products protect our customers' systems from the malicious activities described in this report. The information shared here is primarily based on ESET's proprietary telemetry data and has been verified by ESET researchers, who produce in-depth technical reports and frequent updates on the activities of specific APT groups. These threat intelligence analyses, known as ESET APT Reports PREMIUM, help organizations tasked with protecting citizens, national critical infrastructure and high-value assets from criminal and nation-state-directed cyber attacks. This report contains only a portion of the cybersecurity intelligence data made available to ESET customers.
For further technical information, consult the full version dell’ESET APT Activity Report on WeLiveSecurity.com. Be sure to follow ESET Research on Twitter (now known as X) for the latest news from ESET Research.
