ESET APT Activity Report for Q4 2023–Q1 2024

ESET Research has recently released its APT Activity Report for Q4 2023–Q1 2024, providing an overview of the activities of selected advanced persistent threat (APT) groups that its researchers have investigated and analyzed. The report highlights the notable operations of these threat actors from October 2023 to March 2024, shedding light on key trends and developments in the cybersecurity landscape.

One of the key findings in the report is the exploitation of vulnerabilities by China-aligned threat actors in public-facing appliances and software. These actors targeted VPNs, firewalls, Confluence, and Microsoft Exchange Server to gain initial access to their targets across various industries. The report also confirms the involvement of the Chinese contractor I-SOON (Anxun) in cyberespionage activities, with a particular focus on the FishMonger group. Additionally, a new China-aligned APT group, CeranaKeeper, has been identified, displaying unique characteristics while potentially sharing resources with the Mustang Panda group.

Following the Hamas-led attack on Israel in October 2023, an increase in activity from Iran-aligned threat groups was observed. Groups such as MuddyWater and Agrius shifted their focus towards more aggressive strategies like access brokering and impact attacks. Russia-aligned groups, by contrast, concentrated on espionage within the European Union and attacks on Ukraine. Operation Texonto, a campaign uncovered by ESET researchers, aimed to spread disinformation and conduct psychological operations related to Russian-election-related protests and the situation in Kharkiv, Ukraine.

In the Middle East, the report highlights the activities of SturgeonPhisher, a group believed to be aligned with Kazakhstan’s interests. A watering-hole attack on a regional news website covering Gilgit-Baltistan, a disputed region administered by Pakistan, was also noted. Additionally, Winter Vivern, a group assessed to be aligned with Belarus’ interests, exploited a zero-day vulnerability in Roundcube.

The malicious activities described in the ESET APT Activity Report are detected by ESET products, and the findings are based on proprietary telemetry data verified by ESET researchers. This report serves as a snapshot of the cybersecurity intelligence provided in ESET APT Reports PREMIUM, offering valuable insights into the evolving threat landscape.

For more information, readers are encouraged to visit the ESET Threat Intelligence website and follow ESET research on X for regular updates on key trends and top threats. As cybersecurity threats continue to evolve, staying informed and proactive is essential in safeguarding against potential cyber attacks.
