Today ESET Research publishes the very first ESET APT Activity Report, which summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from May until the end of August 2022 (T2 2022).

APT groups are usually operated by a nation-state or by state-sponsored actors. Their aim is to breach the security of governments, high-profile individuals, or strategic companies, and to evade detection in order to harvest highly confidential data. These groups possess advanced levels of expertise and substantial resources, among them techniques, tools, and exploits for zero-day vulnerabilities (vulnerabilities known to attackers and/or the affected vendors, but that have not yet been publicly disclosed or fixed).

In T2 2022, we saw no decline in APT activity of Russia-, China-, Iran-, and North Korea-aligned threat actors. Even more than eight months after the Russian invasion, Ukraine continues to be a prime target of Russia-aligned APT groups such as the infamous Sandworm, but also Gamaredon, InvisiMole, Callisto, and Turla.

The aerospace and defense industries continue to be of high interest to North Korea-aligned groups, along with financial and cryptocurrency firms and exchanges. In the Middle East, organizations in or linked to the diamond industry were targeted by Agrius in what we believe was a supply-chain attack that abused an Israel-based software suite used in these verticals. On the other side of the world, we identified several campaigns by MirrorFace, a China-aligned group, with one possibly targeting the House of Councillors election in Japan.

Malicious activities described in ESET APT Activity Report T2 2022 are detected by ESET products; shared intelligence is based mostly on proprietary ESET telemetry and has been verified by ESET Research.

Countries, regions and verticals affected by the APT groups described in this report include:

Targeted countries and regions:
Argentina
Germany
Hong Kong
Iran
Israel
Japan
Kyrgyzstan
Netherlands
Poland
South Africa
Ukraine
United States
Uzbekistan
Asia
Europe

Targeted business verticals:
Aerospace
Blockchain technology companies
Branding and marketing
Communications industry
Cybersecurity
Defense
Diamond industry
Education
Embassies
Engineering
Financial services
Information technology
Law
Manufacturing
Media
National and local governments
Political entities
Retail
Social services
Telecommunication

ESET APT Activity Reports contain only a fraction of the cybersecurity intelligence data provided in ESET APT Reports PREMIUM. For more information, visit the ESET Threat Intelligence website.

Follow ESET research on Twitter for regular updates on key trends and top threats.