The ESET Research Podcast: APT Activity Review Q4 2023–Q1 2024

ESET Research
The I-SOON data leak confirms involvement in cyberespionage linked to China, while Iran-aligned groups have grown more aggressive since the 2023 Hamas-led attack on Israel

The latest episode of the ESET Research Podcast examines the standout revelations of the Q4 2023–Q1 2024 ESET APT Activity Report. The report delves into the operations of various advanced persistent threat (APT) groups worldwide.

The I-SOON data leak has enabled the identification of FishMonger, previously notorious for the 2019 cyberattacks on Hong Kong universities, as the entity behind I-SOON. The leak has also unveiled Operation ChattyGoblin, a campaign targeting Southeast Asian gambling firms since 2021. I-SOON engineered a platform for tracking gambling activity, which is deemed illegal in China, helping China’s Ministry of Public Safety take action against the Chinese citizens who were tracked.

Another China-affiliated group, Mustang Panda, has broadened its scope beyond APAC, targeting the US and Europe over the past couple of years. Noteworthy is the series of attacks on cargo shipping enterprises in Norway, Greece, and the Netherlands. Intriguingly, malware was detected on the ships’ systems and, in some instances, was launched via USB devices.

Iran-aligned factions have intensified their assaults on Israeli targets. In this escalation, access is either brokered for sale or used immediately in impact attacks featuring ransomware or wipers. Nevertheless, the surge in incidents has been accompanied by a decline in the quality and efficacy of operations, particularly evident in MuddyWater. There has been a noticeable shift towards more pronounced attacks since the 2023 Hamas-led attack on Israel.

To explore these and other topics from the ESET APT Activity Report, tune in to the most recent episode of the ESET Research podcast, featuring Aryeh Goretsky as the host interviewing ESET Principal Malware Researcher, Robert Lipovský.

The comprehensive report also covers subjects like a psyop campaign against Ukraine, a watering-hole attack on a regional news portal covering Gilgit-Baltistan, and spearphishing campaigns by North Korea-affiliated groups targeting South Korean entities.

Stay updated on major trends and key threats by following ESET research on X
