
APT Activity Report Q4 2023 – Q1 2024


The recent I-SOON data leak has brought to light the involvement of a contractor in cyberespionage for China, while Iran-aligned groups have intensified their aggressive tactics following the Hamas-led attack on Israel in 2023. These revelations were discussed in the latest episode of the ESET Research Podcast, where the findings of the Q4 2023–Q1 2024 ESET APT Activity Report were analyzed in detail.

One of the key revelations from the data leak was the identification of FishMonger as the group behind cyberattacks on Hong Kong universities in 2019. This group, known for its malicious activities, operated under the guise of I-SOON. The leak also exposed Operation ChattyGoblin, a series of attacks targeting Southeast Asian gambling companies since 2021. I-SOON developed a platform for monitoring gambling activities, deemed illegal in China, which could potentially lead to actions by China’s Ministry of Public Safety against Chinese citizens tracked through the platform.

Additionally, another China-aligned group called Mustang Panda has expanded its targets beyond the Asia-Pacific region to include the US and Europe over the past two years. The group was involved in a series of attacks on cargo shipping companies in Norway, Greece, and the Netherlands. What makes these attacks particularly concerning is that malware was detected on the ships’ systems, with some instances of the malware being launched from USB devices.

On the other hand, Iran-aligned groups have intensified their operations against targets in Israel, either by brokering access to sell on the market or by using it directly for impact attacks involving ransomware or wipers. However, despite the increase in the quantity of attacks, there has been a noticeable decrease in the quality and effectiveness of the operations and tools used, particularly in the case of MuddyWater. This shift in focus towards more prominent and disruptive attacks has been attributed to the aftermath of the Hamas-led attack on Israel in 2023.

The latest episode of the ESET Research podcast, hosted by Aryeh Goretsky and featuring ESET Principal Malware Researcher Robert Lipovský, delves deeper into these findings from the APT Activity Report. Listeners can explore the full report, which covers a range of topics including a psyop campaign targeting Ukraine, a watering-hole attack on a regional news website covering Gilgit-Baltistan, and spearphishing campaigns carried out by North Korea-aligned groups against entities in South Korea.

For those interested in staying updated on key trends and top threats in the cybersecurity landscape, following ESET Research on Twitter is recommended. By keeping abreast of the latest developments in the field, individuals and organizations can better protect themselves against evolving cyber threats.
