ESET APT Activity Report T3 2022 | WeLiveSecurity

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in T3 2022



ESET APT Activity Report T3 2022 summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from September until the end of December 2022.

In the monitored timespan, Russia-aligned APT groups continued to be particularly involved in operations targeting Ukraine, deploying destructive wipers and ransomware. Among many other cases, we detected the infamous Sandworm group using a previously unknown wiper against an energy sector company in Ukraine. APT groups are usually operated by a nation-state or by state-sponsored actors; the described attack happened in October, in the same period as the Russian armed forces started launching missile strikes targeting energy infrastructure, and while we are not able to show those events were coordinated, it suggests that Sandworm and military forces of Russia have related objectives.

ESET researchers also detected a MirrorFace spearphishing campaign targeting political entities in Japan and noticed a gradual change in the targeting of some China-aligned groups: Goblin Panda started to duplicate Mustang Panda’s interest in European countries. Iran-aligned groups continued to operate at a high volume: besides Israeli companies, POLONIUM also started targeting foreign subsidiaries of Israeli companies, and MuddyWater probably compromised a managed security provider. In various parts of the world, North Korea-aligned groups used old exploits to compromise cryptocurrency firms and exchanges; interestingly, Konni has expanded the repertoire of languages it uses in its decoy documents to include English, which means it might not be aiming at its usual Russian and Korean targets. Additionally, we discovered a cyberespionage group that targets high-profile government entities in Central Asia; we named it SturgeonPhisher.

Malicious activities described in ESET APT Activity Report T3 2022 are detected by ESET products; shared intelligence is based mostly on proprietary ESET telemetry and has been verified by ESET Research.

Countries, regions and verticals affected by the APT groups described in this report include:

Targeted countries and regions: Central Asia, Egypt, European Union, Hong Kong, Israel, Japan, Latvia, Poland, Saudi Arabia, Serbia, South Korea, Tanzania, Ukraine, United States

Targeted business verticals: Blockchain-based solutions (Web3) developers, Cryptocurrency firms and exchanges, Defense, Energy industry, Engineering, Financial services, Gambling companies, Logistics, Managed security providers, Manufacturing, National and local governments, Political entities, Satellite communication companies

ESET APT Activity Reports contain only a fraction of the cybersecurity intelligence data provided in ESET APT Reports PREMIUM. For more information, visit the ESET Threat Intelligence website.


Follow ESET research on Twitter for regular updates on key trends and top threats.
