Russia-linked hackers such as Sandworm, Gamaredon, Turla and InvisiMole continue to have Ukraine as their primary target.
Aerospace and defense companies are popular among actors with ties to North Korea. Iranian groups focus their activities on Israel. A German food company was also the target of an APT group linked to China. Overall, ESET researchers did not find any decline in activity among the various hacker groups. The current report covers the period from May to August 2022 and is available on WeLiveSecurity.de.
“The aviation and defense industries continue to be of great interest to groups allied with North Korea. For example, Lazarus targeted an employee of an aerospace company in the Netherlands. According to our investigation, the group exploited a vulnerability in a legitimate Dell driver to break into the company. We believe this is the first ever recorded abuse of this vulnerability in the wild,” explains Jean-Ian Boutin, Director of ESET Threat Research.
“We have also determined that several Russian-aligned groups have misused the Telegram messenger service to access command-and-control servers or to leak sensitive information. APT actors from other regions also attempted to gain access to Ukrainian organizations for both cyber espionage and intellectual property theft,” Boutin continued.
Cryptocurrencies: another field of activity for APT groups
Financial institutions and companies working with cryptocurrencies were the target of North Korea's Kimsuky and two campaigns by the Lazarus Group. One of these actions, dubbed Operation In(ter)ception by ESET researchers, deviated from its usual targets in the aviation and defense industries. A single person from Argentina was attacked with malware disguised as a job offer at Coinbase. ESET also discovered that the Konni group was using a technique previously used by Lazarus - a Trojanized version of the Sumatra PDF Viewer.
China-based groups continued to be very active. They exploited various vulnerabilities and previously unreported backdoors. ESET identified the Linux variant of a backdoor that SparklingGoblin used against a university in Hong Kong. In another case, the same group used a Confluence vulnerability to attack a food industry company in Germany and an engineering firm in the USA. ESET Research also suspects that a ManageEngine ADSelfService Plus vulnerability is behind the compromise of a US defense company; its systems were attacked just two days after the vulnerability was published. In Japan, ESET identified several campaigns by the MirrorFace group, one of which was directly related to the elections to the upper house of parliament.
Iranian groups have Israel in their sights
The growing number of groups linked to Iran continued to focus their efforts primarily on various Israeli industries. ESET researchers were able to attribute an operation targeting a dozen organizations to POLONIUM and identify several previously undocumented backdoors. Companies and entities operating in or related to the diamond industry in South Africa, Hong Kong and Israel were targeted by Agrius.
ESET experts believe this was a supply-chain attack carried out by abusing Israel-based software used in that industry. Another campaign in Israel yielded evidence of a possible overlap in tool use between the MuddyWater and APT35 groups. ESET Research also discovered a new version of Android malware in a campaign conducted by the APT-C-50 group. It was distributed through an imitation Iranian website and had limited spying capabilities.
About the ESET APT Activity Report: In addition to the ESET Threat Report, ESET Research publishes the ESET APT Activity Report, which is intended to provide a regular overview of ESET's insights into Advanced Persistent Threat (APT) activity. The first edition covers the period May to August 2022. The report is planned to appear alongside the ESET Threat Report from now on. The ESET APT Activity Report is available on WeLiveSecurity: https://www.welivesecurity.com/deutsch/2022/11/16/apt-activity-report-t2-2022/