APT Activity Report Q4 2023–Q1 2024: Iran-aligned Cyberattacks - Rise in Disruptive Operations

May 2024

This APT Activity Report summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from October 2023 until the end of March 2024. The highlighted operations are representative of the broader landscape of threats ESET Research has investigated during this period, illustrating key trends and developments.

After the Hamas-led attack on Israel in October 2023, and throughout the ongoing war in Gaza, ESET has detected a significant increase in activity from Iran-aligned threat groups. Russia-aligned groups have focused their activities on espionage within the European Union and attacks against Ukraine. 

On the other hand, several China-aligned threat actors exploited vulnerabilities in public-facing appliances, such as VPNs and firewalls, and software, such as Confluence and Microsoft Exchange Server, for initial access to targets in multiple verticals. North Korea-aligned groups continued to target aerospace and defense companies and the cryptocurrency industry.

The report also describes the exploitation of a zero-day vulnerability in Roundcube by Winter Vivern, a group ESET assesses to be aligned with the interests of Belarus. Additionally, ESET spotlights a campaign in the Middle East carried out by SturgeonPhisher, a group ESET researchers believe to be aligned with the interests of Kazakhstan.

Read the full APT Activity Report Q4 2023 - Q1 2024 to learn more!


ESET products protect our customers’ systems from the malicious activities described in this report. Intelligence shared here is primarily based on proprietary ESET telemetry data and has been verified by ESET researchers, who prepare in-depth technical reports and frequent activity updates detailing activities of specific APT groups.

These threat intelligence analyses, known as ESET APT Reports PREMIUM, assist organizations tasked with protecting citizens, critical national infrastructure, and high-value assets from criminal and nation-state-directed cyberattacks. This report contains only a fraction of the cybersecurity intelligence data provided to customers of ESET’s private APT reports.
