The ESET APT Activity Report Q2–Q3 2023 has provided a comprehensive overview of the activities of various advanced persistent threat (APT) groups from April 2023 to the end of September 2023. The report, compiled by ESET researchers, highlights the use of known vulnerabilities by APT groups to exfiltrate data from governmental entities and related organizations.
In this period, several APT groups exploited vulnerabilities in popular software to target governmental organizations in Ukraine, Europe, and Central Asia. Russia-aligned groups such as Sednit, Sandworm, and Sturgeon Phisher targeted vulnerabilities in WinRAR, Roundcube, Zimbra, and Outlook for Windows. North Korea-aligned Konni also exploited vulnerabilities in WinRAR, while the geographically unattributed Winter Vivern targeted Roundcube and Zimbra.
Additionally, China-aligned threat actors were observed exploiting weaknesses in Microsoft Exchange servers, IIS servers, and the Proself online storage service, extending their targeting from telecommunications operators to government organizations worldwide. Iranian and Middle East-aligned groups primarily focused on espionage and data theft from organizations in Israel, with MuddyWater also targeting an unidentified entity in Saudi Arabia.
Russia-aligned groups, particularly Sandworm, continued to target Ukraine, deploying new versions of known wipers and advertising their cybersabotage operations on Telegram. North Korea-aligned groups such as Lazarus, by contrast, focused on Japan, South Korea, and South Korea-focused entities, using carefully crafted spearphishing emails; the most active scheme was Operation DreamJob. Notably, the report also uncovered the operations of three previously unidentified China-aligned groups, DigitalRecyclers, TheWizards, and PerplexedGoblin, which targeted governmental organizations in the EU and conducted adversary-in-the-middle attacks.
The malicious activities described in the report were detected by ESET products, with shared intelligence based on proprietary ESET telemetry data and verified by ESET researchers. The countries, regions, and verticals affected by the APT groups include Ukraine, Europe, Central Asia, Israel, Japan, South Korea, and the EU.
Overall, the ESET APT Activity Report Q2–Q3 2023 serves as a valuable resource for organizations, security professionals, and policymakers seeking to understand and counter the evolving tactics of APT groups. It underscores the importance of proactive measures such as patching known vulnerabilities, deploying robust security solutions, and maintaining a heightened level of awareness to defend against sophisticated cyberattacks.