- This ESET APT Activity Report summarizes notable activities of cyberthreat groups that were documented by ESET researchers from October 2023 until the end of March 2024.
- Iran-aligned groups increased their activity against Israel after the Hamas-led attack on Israel in October 2023 and throughout the ongoing war in Gaza.
- Russia-aligned groups focused on espionage within the European Union and continued attacks against Ukraine.
- China-aligned threat actors exploited vulnerabilities in public-facing appliances, such as VPNs and firewalls, and software.
- The main targets of most of the campaigns were government organizations.
BRATISLAVA, Slovakia, May 14, 2024
/PRNewswire/ -- ESET has released its latest APT Activity Report,
which summarizes notable activities of selected advanced persistent
threat (APT) groups that were documented by ESET researchers from
October 2023 until the end of
March 2024. The highlighted
operations are representative of the broader landscape of threats
ESET Research has investigated during this period, illustrating key
trends and developments. After the Hamas-led attack on Israel in October
2023, and throughout the ongoing war in Gaza, ESET has
detected a significant increase in activity from Iran-aligned threat groups. Russia-aligned groups have focused their
activities on espionage within the European Union and attacks
against Ukraine. On the other
hand, several China-aligned threat
actors exploited vulnerabilities in public-facing appliances, such
as VPNs and firewalls, and software, such as Confluence and
Microsoft Exchange Server, for initial access to targets in
multiple verticals. North
Korea-aligned groups continued to target aerospace and
defense companies and the cryptocurrency industry.
"The targets of most of the campaigns were government
organizations and certain verticals: for example, those targeted in
continued and relentless attacks on Ukrainian infrastructure.
Europe experienced a more diverse
range of attacks from various threat actors. Russia-aligned groups strengthened their focus
on espionage in the European Union, where China-aligned threat actors also maintain a
consistent presence, indicating a continued interest in European
affairs by both Russia- and
China-aligned groups," says
Jean-Ian Boutin, Director of Threat
Research at ESET.
Based on the data leak from Chinese security services company
I-SOON (Anxun), ESET Research can confirm that this Chinese
contractor is indeed engaged in cyberespionage. ESET tracks a part
of the company's activities under the FishMonger group. In this
latest report, ESET also introduces a new China-aligned APT group, CeranaKeeper,
distinguished by unique traits yet possibly connected by the
digital footprint with the Mustang Panda group.
In the case of Iran-aligned
threat groups, MuddyWater and Agrius transitioned from their
previous focus on cyberespionage and ransomware, respectively, to
more aggressive strategies involving access brokering and impact
attacks. Meanwhile, OilRig and Ballistic Bobcat activities saw a
downturn, suggesting a strategic shift toward more noticeable,
"louder" operations aimed at Israel.
Regarding Russia-aligned
activity, the Operation Texonto campaign, a disinformation and
psychological operation (PSYOP) uncovered by ESET researchers, has
been spreading false information about Russian election-related
protests and the situation in the eastern Ukrainian metropolis
Kharkiv, fostering uncertainty among Ukrainians domestically and
abroad.
The report also describes the exploitation of a zero-day
vulnerability in Roundcube by Winter Vivern, a group ESET assesses
to be aligned with the interests of Belarus. Additionally, ESET spotlights a
campaign in the Middle East
carried out by SturgeonPhisher, a group ESET researchers believe to
be aligned with the interests of Kazakhstan.
ESET products protect our customers' systems from the malicious
activities described in this report. Intelligence shared here is
primarily based on proprietary ESET telemetry data and has been
verified by ESET researchers, who prepare in-depth technical
reports and frequent activity updates detailing activities of
specific APT groups. These threat intelligence analyses, known as
ESET APT Reports PREMIUM, assist organizations tasked with
protecting citizens, critical national infrastructure, and
high-value assets from criminal and nation-state-directed
cyberattacks. This report contains only a fraction of the
cybersecurity intelligence data provided to customers of ESET's
private APT reports.
You can read the full ESET APT Activity Report
on WeLiveSecurity.com. Make sure to follow ESET Research on
Twitter (today known as X) for the latest news from
ESET Research.
About ESET
ESET® provides cutting-edge digital security to prevent attacks
before they happen. By combining the power of AI and human
expertise, ESET stays ahead of known and emerging cyberthreats —
securing businesses, critical infrastructure, and individuals.
Whether it's endpoint, cloud, or mobile protection, our AI-native,
cloud-first solutions and services remain highly effective and easy
to use. ESET technology includes robust detection and response,
ultra-secure encryption, and multifactor authentication. With 24/7
real-time defense and strong local support, we keep users safe and
businesses running without interruption. An ever-evolving digital
landscape demands a progressive approach to security: ESET is
committed to world-class research and powerful threat intelligence,
backed by R&D centers and a strong global partner network. For
more information, visit www.eset.com or follow us on LinkedIn,
Facebook, and X.
View original content: https://www.prnewswire.com/news-releases/eset-research-releases-latest-apt-activity-report-highlighting-cyber-warfare-of-russia--china--and-iran-aligned-groups-302144251.html
SOURCE ESET