ESET APT Activity Report T3 2022

ESET APT Activity Report T3 2022 summarizes the activities of selected advanced persistent threat groups that were observed, investigated, and analyzed by ESET researchers from September until the end of December 2022. In the monitored timespan, Russia-aligned APT groups continued to be particularly involved in operations targeting Ukraine, deploying destructive wipers and ransomware. Among many other cases, we detected the infamous Sandworm group using a previously unknown wiper against an energy sector company in Ukraine. APT groups are usually operated by a nation-state or by state-sponsored actors; the described attack happened in October, in the same period as the Russian armed forces started launching missile strikes targeting energy infrastructure, and while we are not able to show those events were coordinated, it suggests that Sandworm and military forces of Russia have related objectives. ESET researchers also detected a MirrorFace spearphishing campaign targeting political entities in Japan and noticed a gradual change in the targeting of some China-aligned groups - Goblin Panda started to duplicate Mustang Panda's interest in European countries. Iran-aligned groups continued to operate at a high volume - besides Israeli companies, POLONIUM also started targeting foreign subsidiaries of Israeli companies, and MuddyWater probably compromised a managed security provider. In various parts of the world, North Korea-aligned groups used old exploits to compromise cryptocurrency firms and exchanges; interestingly, Konni has expanded the repertoire of languages it uses in its decoy documents to include English, which means it might not be aiming at its usual Russian and Korean targets. We discovered a cyberespionage group that targets high-profile government entities in Central Asia; we named it SturgeonPhisher. Malicious activities described in ESET APT Activity Report T3 2022 are detected by ESET products; shared intelligence is based mostly on proprietary ESET telemetry and has been verified by ESET Research. Follow ESET research on Twitter for regular updates on key trends and top threats.

This Cyber News was published on www.welivesecurity.com. Publication date: Thu, 02 Feb 2023 04:14:02 +0000


Cyber News related to ESET APT Activity Report T3 2022

CVE-2022-27167 - Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 ...
2 years ago
CVE-2021-37851 - Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 ...
2 years ago
ESET Launches New Managed Detection and Response Service for Small and Midsize Businesses - PRESS RELEASE. BRATISLAVA/SAN DIEGO - January 17, 2024 - ESET, a global leader in cybersecurity, has announced the launch of ESET MDR, an innovative solution aimed at addressing the evolving cybersecurity challenges faced by SMBs. This new offering ...
10 months ago Darkreading.com
ESET APT Activity Report T3 2022 - ESET APT Activity Report T3 2022 summarizes the activities of selected advanced persistent threat groups that were observed, investigated, and analyzed by ESET researchers from September until the end of December 2022. In the monitored timespan, ...
1 year ago Welivesecurity.com
CVE-2020-26941 - A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited ...
3 years ago
Iran-Linked 'OilRig' Cyberattackers Target Israel's Critical Infrastructure, Over & Over - Prolific Iranian advanced persistent threat group OilRig has repeatedly targeted several Israeli organizations throughout 2022 in cyberattacks that were notable for leveraging a series of custom downloaders that use legitimate Microsoft cloud ...
11 months ago Darkreading.com
What is an advanced persistent threat? - An advanced persistent threat is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period. APT attacks are initiated to steal highly sensitive data rather than cause damage to ...
11 months ago Techtarget.com
H2 2023 Threat Landscape Dominated by AI and Android Spyware - The threat landscape has been bustling in the second half of 2023, according to cybersecurity provider ESET. In its Threat Report: H2 2023, the firm recorded many significant cybersecurity incidents between June and November 2023, a period dominated ...
10 months ago Infosecurity-magazine.com
China-Backed APT Group Culling Thai Government Data - Analysis showed CeranaKeeper was using components common with the known Chinese-backed APT group Mustang Panda, in addition to fresh tools for undermining legitimate file-sharing services, including Pastebin, Dropbox, OneDrive, and GitHub. An ...
1 month ago Darkreading.com
ESET Small Business Security offers protection against online fraud, data theft and human error - ESET introduced ESET Small Business Security, which has been specifically designed to meet the cybersecurity needs of Small Office/Home Office business owners. According to the Small Business Administration, out of the 33.3 million small businesses ...
7 months ago Helpnetsecurity.com
ESET Threat Report: ChatGPT Name Abuses, Lumma Stealer Malware Increases, Android SpinOk SDK Spyware's Prevalence - Cybersecurity company ESET released its H2 2023 threat report, and we're highlighting three particularly interesting topics in it: the abuse of the ChatGPT name by cybercriminals, the rise of the Lumma Stealer malware and the Android SpinOk SDK ...
10 months ago Techrepublic.com
New Report Uncovers NikoWiper Malware Used to Attack Ukraine Energy Sector - The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. The NikoWiper is based on SDelete, a command line utility from ...
1 year ago Thehackernews.com
OilRig targets Israel organizations with new lightweight downloaders - ESET researchers analyzed a growing series of new OilRig downloaders that the group used in several campaigns throughout 2022 to maintain access to target organizations of special interest, all located in Israel. They include an organization in the ...
11 months ago Helpnetsecurity.com
400K Linux Servers Recruited by Resurrected Ebury Botnet - The Ebury botnet - which was first discovered 15 years ago - has backdoored nearly 400,000 Linux, FreeBSD, and OpenBSD servers. More than 100,000 servers were still compromised as of late 2023, according to new research from cybersecurity vendor ...
6 months ago Darkreading.com
Russian Cyberattackers Launch Multiphase PsyOps Campaign - Russia-linked threat actors employed both PysOps and spear-phishing to target users over several months at the end of 2023 in a multiwave campaign aimed at spreading misinformation in Ukraine and stealing Microsoft 365 credentials across Europe. The ...
8 months ago Darkreading.com
5 Lessons Learned from Windows Remote Desktop Honeypot Report - Recently, the SANS Institute released their annual Windows Remote Desktop Honeypot Report, providing comprehensive insights into the nature of malicious activity in a Windows environment. In order to understand how your own Windows network can be ...
1 year ago Bleepingcomputer.com
The who, where, and how of APT attacks - This week, ESET experts released several research publications that shone the spotlight on a number of notable attacks and broader developments on the threat landscape. First, their new APT Activity Report reviewed the key aspects of sophisticated ...
6 months ago Welivesecurity.com
CVE-2020-5202 - apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit ...
2 years ago
Signature Techniques of Asian APT Groups Revealed - The Kaspersky Cyber Threat Intelligence team has unveiled crucial insights into the tactics, techniques and procedures employed by Asian Advanced Persistent Threat groups. The 370-page report, Modern Asian APT groups: Tactics, Techniques and ...
11 months ago Infosecurity-magazine.com
Why the Keitaro TDS keeps causing security headaches - A software company named Keitaro has long been labeled by cybersecurity vendors as a legitimate traffic distribution system vendor, yet the company's product is repeatedly used for malicious activity by cybercriminals. Despite being described as a ...
7 months ago Techtarget.com
Sandworm APT targets Ukraine with new SwiftSlicer wiper - Russia-linked Sandworm APT group is behind a new Golang-based wiper, tracked as SwiftSlicer, that hit Ukraine, ESET reports. Researchers from ESET discovered a new Golang-based wiper, dubbed SwiftSlicer, that was used in attacks aimed at Ukraine. The ...
1 year ago Securityaffairs.com
What's new in the MSRC Report Abuse Portal and API - The Microsoft Security Response Center has always been at the forefront of addressing cyber threats, privacy issues, and abuse arising from Microsoft Online Services. Building on our commitment, we have introduced several key updates to the Report ...
4 months ago Msrc.microsoft.com
State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
1 year ago Csoonline.com
Get Elite Protection from Malware with Award Winning Antivirus - TL;DR: Protect your computer from common viruses and other forms of malware, including ransomware and rootkits, with the ESET NOD32 Antivirus 2024 Edition, on sale for just $24.99 through January 14. Now that hackers have access to AI and machine ...
10 months ago Techrepublic.com
More Android apps riddled with malware spotted on Google Play - An Android remote access trojan known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. The malicious apps, which have now been removed from Google Play but ...
9 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)