Tuesday, June 25, 2024
HomeCyber SecurityESET APT Exercise Report This fall 2023–Q1 2024

ESET APT Exercise Report This fall 2023–Q1 2024

ESET Analysis, Risk Studies

An outline of the actions of chosen APT teams investigated and analyzed by ESET Analysis in This fall 2023 and Q1 2024

ESET APT Activity Report Q4 2023–Q1 2024

ESET APT Exercise Report This fall 2023–Q1 2024 summarizes notable actions of chosen superior persistent risk (APT) teams that had been documented by ESET researchers from October 2023 till the top of March 2024. The highlighted operations are consultant of the broader panorama of threats we investigated throughout this era, illustrating the important thing traits and developments, and comprise solely a fraction of the cybersecurity intelligence information supplied to clients of ESET’s non-public APT reviews.

Within the monitored timeframe, a number of China-aligned risk actors exploited vulnerabilities in public-facing home equipment, corresponding to VPNs and firewalls, and software program, corresponding to Confluence and Microsoft Trade Server, for preliminary entry to targets in a number of verticals. Based mostly on the information leak from I-SOON (Anxun), we are able to affirm that this Chinese language contractor is certainly engaged in cyberespionage. We monitor part of the corporate’s actions underneath the FishMonger group. On this report, we additionally introduce a brand new China-aligned APT group, CeranaKeeper, distinguished by distinctive traits but presumably sharing a digital quartermaster with the Mustang Panda group.

Following the Hamas-led assault on Israel in October 2023, we detected a major improve in exercise from Iran-aligned risk teams. Particularly, MuddyWater and Agrius transitioned from their earlier deal with cyberespionage and ransomware, respectively, to extra aggressive methods involving entry brokering and impression assaults. In the meantime, OilRig and Ballistic Bobcat actions noticed a downturn, suggesting a strategic shift towards extra noticeable, “louder” operations geared toward Israel. North Korea-aligned teams continued to focus on aerospace and protection firms, and the cryptocurrency trade, enhancing their tradecraft by conducting supply-chain assaults, creating trojanized software program installers and new malware strains, and exploiting software program vulnerabilities.

Russia-aligned teams have centered their actions on espionage inside the European Union and assaults on Ukraine. Moreover, the Operation Texonto marketing campaign, a disinformation and psychological operation (PSYOP) uncovered by ESET researchers, has been spreading false details about Russian-election-related protests and the scenario in Ukrainian Kharkiv, fostering uncertainty amongst Ukrainians domestically and overseas.

Moreover, we highlight a marketing campaign within the Center East carried out by SturgeonPhisher, a bunch we imagine to be aligned with the pursuits of Kazakhstan. We additionally focus on a watering-hole assault on a regional information web site about Gilgit-Baltistan, a disputed area administered by Pakistan, and lastly, we describe the exploitation of a zero-day vulnerability in Roundcube by Winter Vivern, a bunch we assess to be aligned with the pursuits of Belarus.

Malicious actions described in ESET APT Exercise Report This fall 2023–Q1 2024 are detected by ESET merchandise; shared intelligence is primarily based on proprietary ESET telemetry information and has been verified by ESET researchers.

Figure 1. Targeted countries and sectors
Determine 1. Focused nations and sectors


Figure 2. Attack sources
Determine 2. Assault sources

ESET APT Exercise Studies comprise solely a fraction of the cybersecurity intelligence information supplied in ESET APT Studies PREMIUM. For extra data, go to the ESET Risk Intelligence web site.

Comply with ESET analysis on X for normal updates on key traits and high threats.



Please enter your comment!
Please enter your name here

Most Popular

Recent Comments