ESET’s Q2-Q3 2024 APT Activity Report highlights China-affiliated groups leading global APT operations, with campaigns aimed at intelligence gathering being among the most common and persistent threats. The China-linked espionage group known as Billbug has been observed breaching multiple organizations in Southeast Asia across several industry verticals throughout August 2024 and February 2025 using novel […]
A nefarious russia’s APT group Seashell Blizzard also known as APT44 has been waging global cyber campaigns since at least 2009. Defenders recently spotted a new long-lasting access campaign called “BadPilot,” reinforcing the group’s focus on stealthy initial infiltration and leveraging a set of advanced detection evasion techniques. Detect Seashell Blizzard Attacks For more than […]
The russia-linked Gamaredon APT notorious for a wealth of cyber-offensive operations against Ukraine resurfaces in the cyber threat arena. The ongoing Gamaredon adversary campaign against Ukraine leverages malicious LNK files disguised as war-related lures to deploy the Remcos backdoor and applies sophisticated techniques, such as DLL sideloading. Detect Gamaredon Group Attacks The russia-affiliated hacking groups […]
APT groups from China were ranked among the top global cyber threats alongside North Korea, russia, and Iran, showcasing heightened offensive capabilities and posing significant challenges to the cybersecurity landscape. Following the recent revelation of the Operation AkaiRyū by MirrorFace (aka Earth Kasha), China-nexus attackers are striking again. This time, security researchers report about the […]
According to ESET APT Activity Report Q2 2024-Q3 2024, China-linked threat groups dominate global APT campaigns, with MustangPanda responsible for 12% of activity during the observed quarters of 2024. Another nefarious China-backed APT group tracked as MirrorFace (aka Earth Kasha) has been observed expanding its geographical reach to target the diplomatic agency in the EU […]
In Q1 2024, defenders uncovered destructive cyberattacks against the information and communication technology systems (ICT) of approximately 20 organizations in the critical infrastructure sector across 10 regions of Ukraine. CERT-UA has been observing this activity tracked as a separate threat cluster, UAC-0133, which, with a high level of confidence, is linked to a nefarious russia-afiliated […]
The nefarious cyber-espionage hacking collective tracked as EarthKapre or RedCurl APT has resurfaced to target legal sector organizations using Indeed-themed phishing. In the latest attack, adversaries notorious for highly sophisticated offensive capabilities applied reconnaissance commands and tools, exfiltrated data, and deployed the EarthKapre/RedCurl loader. Detect RedCurl/EarthKapre APT Attacks In 2024, state-sponsored cyber groups from China, […]
For over a decade, russia-backed Sandworm APT group (also tracked as UAC-0145, APT44) has consistently targeted Ukrainian organizations, with a primary focus on state bodies and critical infrastructure. Since the full-scale invasion, this GRU-affiliated military cyber-espionage group has intensified its attacks against Ukrainian targets. The latest malicious campaign, analyzed in February 2025, appears to have […]
Hot on the heels of russia-linked BlueAlpha’s exploitation of Cloudflare Tunneling services to spread GammaDrop malware, another russia-backed state-sponsored APT group comes to the spotlight. The nefarious actor tracked as Secret Blizzard (aka Turla) APT group has been observed leveraging offensive tools and infrastructure of other hacking collectives. The group’s campaigns also focus on deploying […]
Defenders observe increasing numbers of cyber-attacks linked to China-backed APT groups, primarily focused on intelligence gathering. In September 2024, a China-affiliated APT group tracked as Earth Baxia set its sights on a state agency in Taiwan and possibly other nations within the APAC region. A recently uncovered cyber-espionage campaign has been targeting high-profile organizations in […]