ESET APT Activity Report Q2 2025–Q3 2025

Check out the latest ESET Research Threat Reports for a summary of the activities of selected APT groups investigated and analyzed in Q2 and Q3 of 2025.

In the monitored period, various APT groups aligned with China continued to advance Beijing’s goals. Techniques such as adversary-in-the-middle were increasingly used for initial access and lateral movement by groups like PlushDaemon, SinisterEye, Evasive Panda, and TheWizards. FamousSparrow targeted governmental entities in Latin America, potentially influenced by the US-China power struggle. Meanwhile, Mustang Panda focused on Southeast Asia, the US, and Europe, particularly in governmental, engineering, and maritime transport sectors. Flax Typhoon targeted healthcare in Taiwan using webshells, while Speccom aimed at the energy sector in Central Asia.

Iran-aligned MuddyWater saw an increase in spearphishing activities, with success in sending internal spearphishing emails from compromised inboxes. North Korea-aligned threat actors expanded operations to Uzbekistan, targeting the cryptocurrency sector. Russia-aligned groups maintained focus on Ukraine and European entities, with RomCom exploiting a zero-day WinRAR vulnerability. Gamaredon intensified operations in Ukraine, including collaboration with Turla. Sandworm focused on destructive activities in Ukraine, particularly in the grain sector.

Notable activities by lesser-known groups included FrostyNeighbor exploiting an XSS vulnerability in Roundcube and a new Android spyware family named Wibag in Iraq. The ESET APT Activity Report Q2 2025–Q3 2025 provides insights based on ESET telemetry data and research, offering a snapshot of the evolving cybersecurity landscape.

For more detailed information, visit the ESET Threat Intelligence website. Stay informed and protected against emerging cyber threats with ESET Research.

Leave a Reply

Your email address will not be published. Required fields are marked *