## ESET’s APT Activity Report
ESET, a renowned IT security software developer, has released its semi-annual APT Activity Report. The report summarizes the activities of selected advanced persistent threat (APT) groups observed and investigated by ESET researchers from October 2022 until the end of March 2023.
APT threats are targeted, well-funded attacks by adversaries attempting to compromise high-value targets such as governments, critical national infrastructure, and businesses. The ESET report highlights increased activity by China-aligned groups Ke3chang and Mustang Panda against European organizations; the Iran-aligned group OilRig deploying a new custom backdoor; North Korea-aligned groups focusing on South Korea and related entities; Russia-aligned APT groups active in Ukraine and EU countries, including phishing attempts exploiting Zimbra webmail; and the India-aligned groups SideWinder and Donot Team continuing to target governmental institutions in South Asia.
## China-Aligned Threats on European Organizations
The report states that China-aligned groups Ke3chang and Mustang Panda focused their efforts on European organizations during this period. Ke3chang employed new tactics, including the deployment of a new Ketrican variant. Meanwhile, Mustang Panda used two new backdoors in its attacks.
## Iran-Aligned Group Deployed a New Custom Backdoor
The ESET report highlighted the activities of the Iran-aligned group OilRig, which deployed a new custom backdoor during this time. This group has been known for its operations in the Middle East, targeting governments and companies alike.
## North Korea-Aligned Group Focused on South Korea
According to the ESET report, North Korea-aligned groups continued to focus on South Korea and South Korea-related entities. Moreover, the report highlights the shift of attention by the Lazarus group from its usual target verticals to a data management company in India.
## Russia-Aligned APT Groups Active in Ukraine and EU Countries
The ESET report states that Russia-aligned APT groups were especially active in Ukraine and EU countries. Sandworm was found deploying wipers, including a new one ESET calls SwiftSlicer. Gamaredon, Sednit, and the Dukes used spearphishing emails that, in the case of the Dukes, led to the execution of a red team implant known as Brute Ratel. ESET also observed a significant drop in the activity of SturgeonPhisher, a group targeting government staff of Central Asian countries with spearphishing emails.
## India-Aligned Groups Targeting Governmental Institutions in South Asia
According to the ESET report, India-aligned groups SideWinder and Donot Team continued to target governmental institutions in South Asia. While SideWinder was spotted targeting the education sector in China, Donot Team deployed the commercially available Remcos RAT.
## ESET’s Technology to Detect Malicious Activities
ESET’s products detect the malicious activities described in the report. The intelligence shared in the report is based mostly on proprietary ESET telemetry data and has been verified by ESET researchers. In addition, a piece of Linux malware being leveraged in one of the campaigns covered by the report was spotted.
## Recommendations
APT attacks are among the most sophisticated and dangerous threats in cyberspace. Organizations must prioritize their cybersecurity posture and adopt a multi-layered approach that includes endpoint security, network security, and employee training.
Organizations must continuously assess and review their security capabilities to ensure they stay ahead of emerging threats. They should also consider investing in tools and technologies that provide real-time threat intelligence, allowing them to identify and mitigate threats quickly.
In conclusion, the ESET APT Activity Report emphasizes the importance of having a robust cybersecurity posture and the need for organizations to remain vigilant and prepared for evolving threats.