The European IT security vendor ESET has published its current “APT Activity Report T3 2022”. These reports regularly summarize investigation results on selected Advanced Persistent Threat (APT) groups. In the latest edition, which covers the period from September to December 2022, ESET experts present their latest findings on various global hacking campaigns. China-aligned groups have shifted their activities toward European countries. Ukraine also remains in the sights of Russian groups such as Sandworm, Callisto and Gamaredon. In addition, groups linked to Iran and North Korea continue to operate on a large scale.
Chinese threat actors are making Europe unsafe
“European countries are becoming more and more interesting for Chinese APT groups. Typically, China-aligned hacker groups like Goblin Panda and Mustang Panda tend to focus their activities on Southeast Asia,” said Jean-Ian Boutin, Director of ESET Threat Research. “But last November, ESET researchers found a new backdoor called TurboSlate in a government organization in the European Union. The malware could be traced back to Goblin Panda, which appears to be copying the field of activity of the APT group Mustang Panda.” The latter turned its attention to European targets at the beginning of 2022. The cyber espionage group is known for targeting government institutions, companies and research institutions. “Last September, ESET experts discovered a Korplug loader that was used by the hackers at a company in the Swiss energy and technology sector,” Boutin continued.
Cyber war in Ukraine continues
The infamous Sandworm group also remains very active and continues its operations against Ukraine. ESET researchers discovered a previously unknown wiper that was used against an energy sector company in Ukraine in October 2022. The attack took place just as Russian forces began launching missile strikes on energy infrastructure. Although ESET cannot prove that these events were coordinated, the timing suggests that Sandworm and the Russian military have similar goals.
ESET has named the latest wiper, one of a series of previously discovered wipers, NikoWiper. The malicious program is based on SDelete, a Microsoft command-line utility for securely deleting files. In addition to data-wiping malware, ESET researchers also discovered Sandworm attacks that used ransomware as a wiper: the encryption software had the same goal as the wiper, namely destroying data. This is particularly evident from the fact that providing a decryption key was never planned.
In addition to Sandworm, other Russian APT groups such as Callisto and Gamaredon have continued their spearphishing campaigns against Ukraine to steal login credentials and install malware. In October 2022, ESET discovered Prestige ransomware used against logistics companies in Ukraine and Poland. A month later, ESET researchers in Ukraine found new ransomware written in .NET, which they named RansomBoggs. ESET Research published its findings on this campaign on its Twitter account of the same name.
Iran and North Korea continue to operate on a large scale
Groups allied with Iran are also continuing their attacks: in addition to Israeli companies, POLONIUM also targeted the foreign subsidiaries of Israeli companies. The Iranian APT group MuddyWater is also suspected of compromising a managed security services provider.
The North Korea-linked hacking group Konni exploited old vulnerabilities to attack cryptocurrency firms and exchanges in various parts of the world. ESET researchers discovered that the threat actors added English to the repertoire of languages they use in their decoy documents. This suggests that they are no longer limiting their scope of action exclusively to the usual Russian and South Korean targets.
Article image: Pixabay
Source: PT/ESET