ESET APT Activity Report: China-Aligned Groups Expand Targeting; Iran Advances Diplomatic Espionage
IT News Online Staff
2024-11-10

ESET Research has released its latest APT Activity Report, which highlights activities of select advanced persistent threat (APT) groups that were documented by ESET researchers from April 2024 until the end of September 2024.

ESET observed a notable expansion in targeting by China-aligned MirrorFace. Typically focused on Japanese entities, it extended its operations to include a diplomatic organization in the European Union for the first time, while continuing to prioritize its Japanese targets. Additionally, China-aligned APT groups have been increasingly relying on the open-source and multiplatform SoftEther VPN to maintain access to victims' networks.

Researchers also observed indications that Iran-aligned groups might be leveraging their cyber capabilities to support diplomatic espionage and, potentially, kinetic operations.

"With regard to China-aligned threat groups, we detected extensive use of the SoftEther VPN by Flax Typhoon, observed Webworm switching from its full-featured backdoor to using the SoftEther VPN Bridge on machines belonging to governmental organizations in the EU, and noticed GALLIUM deploying SoftEther VPN servers at telecommunications operators in Africa," said Jean-Ian Boutin, Director of Threat Research, ESET. "For the first time, we observed MirrorFace targeting a diplomatic organization within the EU, a region that remains a focal point for several China-, North Korea- and Russia-aligned threat actors. Many of these groups are particularly focused on governmental entities and the defense sector."

Iran-aligned groups, on the other hand, compromised several financial services firms in Africa, a continent geopolitically important to Iran; conducted cyberespionage against Iraq and Azerbaijan, neighboring countries with which Iran has complex relationships; and stepped up their targeting of the transport sector in Israel. Despite this seemingly narrow geographical targeting, Iran-aligned groups maintained a global focus, further pursuing diplomatic envoys in France and educational organizations in the United States.

North Korea-aligned threat actors persisted with their pursuit of stolen funds, both traditional currencies and cryptocurrencies. ESET observed these groups continuing their attacks on defense and aerospace companies in Europe and the U.S., as well as targeting cryptocurrency developers, think tanks and NGOs. One such group, Kimsuky, began abusing Microsoft Management Console files, which are typically used by system administrators, but can execute any Windows command. Additionally, several North Korea-aligned groups frequently misused popular cloud-based services.
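The two tradecraft points the report singles out (MMC console files that can run arbitrary Windows commands, and SoftEther VPN components left on victim machines to keep access) both leave traces in process-creation telemetry. The script below is an added example, not code from ESET or the report: it triages constructed, pipe-delimited process-creation events and flags mmc.exe opening a .msc file from a user-writable path, a shell spawned by mmc.exe, and execution of a SoftEther server or bridge binary. The log format is assumed, and the SoftEther image names (vpnserver.exe, vpnbridge.exe) are assumed from the standard SoftEther distribution.

```python
import ntpath
from dataclasses import dataclass

# Constructed sample events (not taken from the report), one per line:
# timestamp | user | parent image | image | command line
SAMPLE_EVENTS = r"""
2024-09-02T08:14:05Z|CORP\alice|C:\Windows\explorer.exe|C:\Windows\System32\mmc.exe|"C:\Windows\System32\mmc.exe" C:\Users\alice\Downloads\agenda.msc
2024-09-02T08:15:11Z|CORP\alice|C:\Windows\System32\mmc.exe|C:\Windows\System32\cmd.exe|cmd.exe /c whoami
2024-09-02T09:01:44Z|CORP\svc-it|C:\Windows\System32\services.exe|C:\Windows\System32\mmc.exe|"C:\Windows\System32\mmc.exe" C:\Windows\System32\eventvwr.msc
2024-09-02T09:30:00Z|CORP\bob|C:\Windows\explorer.exe|C:\Program Files\vpnbridge\vpnbridge.exe|vpnbridge.exe
"""

# Locations where a legitimately installed .msc console normally lives.
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Interpreters that an .msc console task would launch to run a command.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
# Assumed SoftEther image names (standard build); adjust to local inventory.
SOFTETHER_IMAGES = {"vpnserver.exe", "vpnbridge.exe"}


@dataclass
class Event:
    ts: str
    user: str
    parent: str
    image: str
    cmdline: str


def parse_events(text):
    """Parse the pipe-delimited sample format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|", 4)
        if len(parts) != 5:
            raise ValueError(f"malformed event: {line!r}")
        events.append(Event(*parts))
    return events


def msc_argument(cmdline):
    """Return the first .msc path on the command line, or None.

    Quotes are stripped before tokenising; paths containing spaces would
    need a real Windows command-line parser.
    """
    for tok in cmdline.replace('"', " ").split():
        if tok.lower().endswith(".msc"):
            return tok
    return None


def triage(text):
    """Return a list of findings, each naming the rule that fired."""
    findings = []
    for ev in parse_events(text):
        image = ntpath.basename(ev.image).lower()
        parent = ntpath.basename(ev.parent).lower()

        # Rule 1: mmc.exe loading a console file from outside system paths
        # (e.g. a download or temp folder), the delivery pattern for malicious .msc.
        if image == "mmc.exe":
            msc = msc_argument(ev.cmdline)
            if msc and not msc.lower().startswith(SYSTEM_ROOTS):
                findings.append({"ts": ev.ts, "user": ev.user,
                                 "rule": "msc-from-user-path", "detail": msc})

        # Rule 2: a shell or script host whose parent is mmc.exe; a console
        # task executing a command is how .msc abuse turns into code execution.
        if parent == "mmc.exe" and image in SHELLS:
            findings.append({"ts": ev.ts, "user": ev.user,
                             "rule": "shell-spawned-by-mmc", "detail": ev.cmdline})

        # Rule 3: SoftEther server/bridge running on a host where no VPN
        # service is expected; the report ties these binaries to persistence.
        if image in SOFTETHER_IMAGES:
            findings.append({"ts": ev.ts, "user": ev.user,
                             "rule": "softether-vpn-binary", "detail": ev.image})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f['ts']} {f['user']:<14} {f['rule']:<22} {f['detail']}")
```

Rule 3 is deliberately an inventory check rather than a malware signature: SoftEther is legitimate software, so the useful question is whether a server or bridge binary belongs on that particular host, which is why the finding carries the full image path for review.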

ESET Research detected Russia-aligned cyberespionage groups frequently targeting webmail servers such as Roundcube and Zimbra, usually with spear phishing emails that trigger known XSS vulnerabilities. Besides Sednit targeting governmental, academic and defense-related entities worldwide, ESET identified another Russia-aligned group, GreenCube, stealing email messages via XSS vulnerabilities in Roundcube. Other Russia-aligned groups continued to focus on Ukraine, with Gamaredon deploying large spear phishing campaigns, while reworking its tools using and abusing both Telegram and Signal messaging apps. Additionally, Sandworm used its new Windows backdoor named WrongSens.

ESET also analyzed the public hack-and-leak of data from the Polish Anti-Doping Agency, which was likely compromised by an initial access broker who then shared access with the Belarus-aligned FrostyNeighbor APT group, an entity behind cyber-enabled disinformation campaigns critical of NATO.

In Asia, ESET observed that campaigns continued to focus primarily on governmental organizations. However, researchers also noticed an increased emphasis on the education sector, particularly targeting researchers and academics focused on the Korean peninsula and Southeast Asia. This shift was driven by threat actors aligned with China's and North Korea's interests. Lazarus, one of the North Korea-aligned groups, continued to attack entities around the globe in the financial and technology sectors. In the Middle East, several Iran-aligned APT groups continued to attack governmental organizations, with Israel being the most affected country.

Over the past two decades, Africa has become a significant geopolitical partner for China, and we have seen China-aligned groups expand their activities on that continent. In Ukraine, Russia-aligned groups continued to be the most active, heavily impacting governmental entities, the defense sector and essential services such as energy, water and heat supply.
