Hey there, cybersecurity enthusiasts! Ready to dive into the latest ESET APT Activity Report for Q2-Q3 2024? Our team has been hard at work investigating and analyzing the activities of selected APT groups over the past few months. Let’s take a closer look at some of the key highlights.
One major trend we’ve noticed is the expanded targeting by China-aligned MirrorFace, which now includes a diplomatic organization in the EU alongside its usual Japanese targets. Meanwhile, Iran-aligned groups have been stepping up their cyber capabilities, focusing on diplomatic espionage and potential kinetic operations in regions like Africa, Iraq, Azerbaijan, and Israel.
North Korea-aligned threat actors continue to pursue their regime’s goals, with a particular focus on stealing funds for weapons programs. They’ve been targeting defense companies, cryptocurrency developers, and NGOs, using tactics like abusing cloud-based services and exploiting Microsoft Management Console files.
Russia-aligned cyberespionage groups have also been busy targeting webmail servers and using spearphishing emails to exploit vulnerabilities. We’ve identified new groups like GreenCube stealing email messages via XSS vulnerabilities in Roundcube. Additionally, we’ve seen disinformation and psychological operations targeting Ukrainians and Russian dissidents.
Intrigued? This is just a glimpse of the detailed cybersecurity intelligence you can find in the full ESET APT Reports PREMIUM. For more insights and updates, be sure to follow ESET Research on Twitter. Stay informed, stay safe!