ESET discovers new APT group and its supply chain attack on South Korean VPN service

ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a newly discovered and previously undetected China-aligned APT group that ESET has named PlushDaemon. In this cyberespionage operation, the attackers replaced the legitimate installer with one that also deployed the group’s signature implant, which ESET has named SlowStepper — a …

ESET Research discovers Mozilla and Windows zero day & zero click vulnerabilities exploited by RomCom APT group

ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit. ESET researchers discovered a previously unknown vulnerability, CVE-2024-9680, in Mozilla products, exploited in the wild by APT group RomCom. Further analysis revealed another zero-day vulnerability in …

ESET Research discovers WolfsBane, new Linux cyberespionage backdoor by Gelsemium APT

ESET researchers have identified multiple samples of a Linux backdoor, which they named WolfsBane and attribute with high confidence to the Gelsemium advanced persistent threat (APT) group. The goal of …

Cyberespionage the Gamaredon way

ESET researchers introduce the Gamaredon APT group, detailing its typical modus operandi, unique victim profile, vast collection of tools and social engineering tactics. When describing state-backed threat actors, one would probably expect a super sophisticated, stealthy group capable of avoiding all alarms and defenses with surgical precision. With Gamaredon, most of that goes out the …

ESET Research: Spy group exploits WPS Office zero day; analysis uncovers a second vulnerability

ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). The vulnerability was being exploited by APT-C-60, allegedly a South Korea-aligned cyberespionage group, to target East Asian countries. When examining the root cause, ESET discovered another way to exploit the faulty code (CVE-2024-7263). Following a coordinated disclosure process, both vulnerabilities are …