The European Union is increasingly targeted by Chinese and Russian APT groups. This is shown by the current ESET APT report, which reports on the latest developments in hacker groups such as Lazarus, Mustang Panda or Ke3chang.
ESET security experts are seeing increasing attacks by APT (Advanced Persistent Threat) groups with ties to China, North Korea and Russia on EU countries and organizations in these countries. The Lazarus Group used bogus job offers from the aviation company Boeing to steal access data from employees of a Polish armaments company.
Ke3chang and Mustang Panda, players with ties to China, have also attacked European companies. In the context of the Ukraine war, Russian APT groups remain very active and are increasingly relying on wiper malware. In their current APT report, the ESET researchers also look at global developments. "The insights from these analyses and observations are an important building block in the ESET technologies and contribute to their continuous improvement," says Jean-Ian Boutin, Director of ESET Threat Research.
APT groups operate globally
The Ke3chang group, allied with China, relied on new methods such as the use of a new Ketrican variant. Mustang Panda used two new backdoors. APT group MirrorFace targeted Japan and used new methods to spread malware. During Operation ChattyGoblin, the group targeted a gaming company's support agent in the Philippines to compromise the company. India-allied groups SideWinder and Donot Team continued to target government institutions in South Asia, with the former targeting the education sector in China and the latter further developing their infamous yty framework but also using the commercially available Remcos RAT.
Lazarus group attacks European armaments company
The Lazarus group, which is allied with North Korea, targeted the employees of a Polish armaments company with a bogus Boeing job offer. Similarly, in India, the group approached a data management company with Accenture-themed bait. ESET also identified Linux malware used in one of the campaigns. Similarities to this newly discovered malware support the theory that the infamous North Korean-allied group is behind the 3CX supply chain attack.
Russian APT groups are active in the EU and Ukraine
APT groups allied with Russia were mostly active in Ukraine and EU countries: Sandworm used wipers (including a new one that ESET calls SwiftSlicer). Gamaredon, Sednit and the Dukes used spearphishing emails. In the Dukes' case, a Red Team implant known as Brute Ratel was executed. Finally, ESET discovered that the Zimbra email platform was also being exploited by Winter Vivern, a group primarily active in Europe. Researchers also noticed a significant drop in activity from SturgeonPhisher, a group targeting government officials in Central Asian countries with spearphishing emails, leading ESET researchers to believe the group is in the process of retooling.
More at ESET.com
About ESET
ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.