Malware sharing, data wiping and exploits

Discover the Latest APT Insights with ESET Experts

Hey there! Excited to share the latest episode of the ESET Research Podcast with you. Join ESET Distinguished Researcher Aryeh Goretsky and ESET Security Awareness Specialist Rene Holt as they dive into the key highlights from ESET’s APT Activity Report.

First up is the spotlight on UnsolicitedBooker, a persistent China-aligned APT group known for their relentless campaigns. They targeted the same organization multiple times over several years, showcasing their determination to deploy their signature backdoor, MarsSnake.

The discussion then shifts to the challenges of attribution in the face of increasing tool-sharing trends, especially among China-aligned actors like Worok. These groups use overlapping toolsets sourced from digital quartermasters, complicating the attribution process.

Exploring Russia-aligned actors, the conversation delves into the activities of groups like Sednit, Gamaredon, and Sandworm. Sednit’s recent exploits include Operation RoundPress, targeting webmail services and defense companies in Bulgaria and Ukraine.

Meanwhile, Gamaredon continues to refine their obfuscation techniques for stealthy operations, while Sandworm has ramped up their use of the data-wiping malware ZEROLOT, executing precise attacks to achieve their destructive goals.

Curious to learn more about North Korea-aligned and Iran-aligned groups? Tune in to the ESET Research Podcast or grab a copy of the latest ESET APT Activity Report for in-depth insights.

Key Topics:

UnsolicitedBooker (MarsSnake) 1:45
Worok (and its digital quartermasters) 4:50
Sednit (Operation RoundCube) 9:55
Gamaredon 13:55
Sandworm (ZEROLOT wiper) 16:15
DeceptiveDevelopment (WeaselStore, ClickFix) 24:10
MuddyWater vs Lyceum 29:40
