The APT Activity Report shows that the EU, Israel and Ukraine are particularly affected by attacks by state-backed hacker groups.
Cybercriminals pursue different goals with their actions: Russian hackers primarily want to support the war against Ukraine. Chinese groups particularly spy on government organizations and companies in the EU to obtain sensitive information.
“Organizations around the world are facing increasingly frequent and sophisticated attacks,” said Jean-Ian Boutin, Director of ESET Threat Research, summarizing the report. “The ongoing cyber attacks on Ukraine and cyber espionage from China show that cyberspace has established itself as a venue for state interests. The high success rate for hacks also demonstrates the great professionalism and extensive financial resources that these groups can draw on.”
New tools, new goals
More than a year and a half after the start of the war, Ukraine is still the main target of Russian hackers. Sandworm, a notorious hacking group affiliated with Russia's GRU military intelligence agency, used well-known malware versions such as "NikoWiper" and "RoarBat" in its attacks in April, but also used a new variant called "SharpNikoWiper." The group's goal remains to delete data on their victims' computers and cause further destruction. Mainly authorities and offices, but also private companies and media houses, were attacked.
For other groups, the target of the attacks has shifted: at the beginning of the war, the focus was on sabotage operations to weaken Ukraine's infrastructure and defense. Hackers are currently concentrating more and more on cyber espionage. For example, in April the Gamaredon group stole access data from Outlook accounts and browser cookies for so-called session hijacking. In addition, with the help of new hacking tools, the group was able to access information from the desktop and web applications of Telegram, Signal and WhatsApp. With their actions, the criminals primarily targeted chat information from Ukrainian military personnel - possibly in order to obtain information about troop movements, locations and logistics.
ESET researchers also found that groups from Iran and other Middle Eastern countries continue to operate on a large scale. They focus their actions on espionage and data theft from organizations in Israel. The Iran-aligned group MuddyWater also targeted an unidentified facility in Saudi Arabia. The malware deployed suggests that this threat actor is serving as an enabler for a more advanced group.
Chinese cybercriminals
The ESET Activity Report also provides insight into three newly discovered groups operating from China that attack government organizations in Europe and companies worldwide. DigitalRecyclers has been active in the EU since 2018 and distributes malware to the computers of government employees via compromised Microsoft Exchange servers. The TheWizards group relies on adversary-in-the-middle attacks, in which cybercriminals insert themselves into the communication of external computer networks in order to access critical data. Last but not least, PerplexedGoblin installed a backdoor called “TurboSlate” on the systems of European government organizations.
More at Eset.com
About ESET
ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.