An overview of the activities of selected APT groups investigated and analysed by ESET Research in T2 2022
Today ESET Research publishes the very first ESET APT Activity Report, which summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from May until the end of August 2022 (T2 2022).
APT groups are usually operated by a nation-state or by state-sponsored actors. Their aim is to breach the security of governments, high-profile individuals, or strategic companies, and to evade detection in order to harvest highly confidential data. These groups possess advanced levels of expertise and substantial resources, among them techniques, tools, and exploits for zero-day vulnerabilities (vulnerabilities known to attackers and/or the affected vendors, but that have not yet been publicly disclosed or fixed).
In T2 2022, we saw no decline in APT activity of Russia-, China-, Iran-, and North Korea-aligned threat actors. Even more than eight months after the Russian invasion, Ukraine continues to be a prime target of Russia-aligned APT groups such as the infamous Sandworm, but also Gamaredon, InvisiMole, Callisto, and Turla.
Speaking of defense, the aerospace and defense industries continue to be of high interest to North Korea-aligned groups, along with financial and cryptocurrency firms and exchanges. In the Middle East, organizations in or linked to the diamond industry were targeted by Agrius in what we believe was a supply-chain attack that abused an Israel-based software suite used in these verticals. On the other side of the world, we identified several campaigns by MirrorFace, a China-aligned group, with one possibly targeting the House of Councillors election in Japan.
Malicious activities described in ESET APT Activity Report T2 2022 are detected by ESET products; shared intelligence is based mostly on proprietary ESET telemetry and has been verified by ESET Research.
Countries, regions and verticals affected by the APT groups described in this report include:
|Targeted countries and regions||Targeted business verticals|
• Hong Kong
• South Africa
• United States
• Blockchain technology companies
• Branding and marketing
• Communications industry
• Diamond industry
• Financial services
• Information technology
• National and local governments
• Political entities
• Social services
ESET APT Activity Reports contain only a fraction of the cybersecurity intelligence data provided in ESET APT Reports PREMIUM. For more information, visit the ESET Threat Intelligence website.
Read full report: ESET APT Activity Report T2 2022
Follow ESET research on Twitter for regular updates on key trends and top threats.
by Jean-Ian Boutin, ESET