
ESET APT Report Unveils Intensified Russian Cyberattacks on Ukraine
ESET Research has released its latest APT Activity Report, which highlights activities of select APT groups that were documented by ESET researchers from October 2024 through March 2025. During the monitored period, Russia-aligned threat actors, notably Sednit and Gamaredon, maintained aggressive campaigns primarily targeting Ukraine and EU countries. Ukraine was subjected to the greatest intensity of cyberattacks against the country's critical infrastructure and governmental institutions. The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. China-aligned threat actors continued engaging in persistent espionage campaigns with a focus on European organizations.
Gamaredon remained the most prolific actor targeting Ukraine, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox. 'The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations,' says ESET Director of Threat Research Jean-Ian Boutin.
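The report notes that Sandworm pushed the ZEROLOT wiper through Active Directory Group Policy. Group Policy is a legitimate mass-deployment channel, so the defensive check is to watch for recently edited GPOs that carry code-executing settings. The following PowerShell script is an added example, not code from ESET or the report; it assumes the RSAT GroupPolicy module on a domain-joined host with read access to all GPOs, and its review window and extension list are tuning assumptions.

```powershell
# Added example, not part of the ESET report: list Group Policy Objects changed
# recently and flag any that carry settings able to run code on linked machines
# (scheduled/immediate tasks, startup/logon scripts, file drops, registry edits).
# Assumptions: RSAT GroupPolicy module is installed, the host is domain-joined,
# and the account can read all GPOs. The review window and pattern list are tuneable.
Import-Module GroupPolicy -ErrorAction Stop

$LookbackDays = 7                      # assumption: match your change-control cadence
$Since = (Get-Date).AddDays(-$LookbackDays)

# Namespace fragments that appear in Get-GPOReport XML for code-executing
# client-side extensions. Assumption: extend for CSEs your environment uses.
$SuspectExtensions = @(
    'Settings/ScheduledTasks',         # Preferences: scheduled and immediate tasks
    'Settings/Scripts',                # startup/shutdown/logon/logoff scripts
    'Settings/Files',                  # Preferences: file copy to clients
    'Settings/Registry'                # Preferences: registry writes (e.g. Run keys)
)

$Findings = foreach ($Gpo in Get-GPO -All | Where-Object { $_.ModificationTime -ge $Since }) {
    # Full settings report as XML so every extension is visible in one string
    $Xml  = Get-GPOReport -Guid $Gpo.Id -ReportType Xml
    $Hits = @($SuspectExtensions | Where-Object { $Xml -like "*$_*" })

    # Link targets show the blast radius of a malicious edit
    [xml]$Doc = $Xml
    $Links = @($Doc.GPO.LinksTo | ForEach-Object { $_.SOMPath }) -join '; '

    [pscustomobject]@{
        Name         = $Gpo.DisplayName
        Id           = $Gpo.Id
        Modified     = $Gpo.ModificationTime
        Status       = $Gpo.GpoStatus
        LinkedTo     = $Links
        CodeSettings = ($Hits -join ', ')
        Review       = if ($Hits.Count -gt 0) { 'YES - verify against change records' } else { 'no' }
    }
}

$Findings | Sort-Object Modified -Descending | Format-Table -AutoSize
```

Run it from a management host on a schedule and reconcile every "YES" row with approved change tickets; a GPO that gained a scheduled task or startup script outside change control, especially one linked at the domain root, is exactly the pattern the report describes. Pair it with Directory Service Changes auditing on domain controllers (event ID 5136) to attribute the edit to an account.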
Sednit refined its exploitation of cross-site scripting vulnerabilities in webmail services, expanding Operation RoundPress from Roundcube to include Horde, MDaemon, and Zimbra. ESET discovered that the group successfully leveraged a zero-day vulnerability in MDaemon Email Server (CVE-2024-11182) against Ukrainian companies. Several Sednit attacks against defense companies located in Bulgaria and Ukraine used spearphishing email campaigns as a lure. Another Russia-aligned group, RomCom, demonstrated advanced capabilities by deploying zero-day exploits against Mozilla Firefox (CVE-2024-9680) and Microsoft Windows (CVE-2024-49039).
In Asia, China-aligned APT groups continued their campaigns against governmental and academic institutions. At the same time, North Korea-aligned threat actors significantly increased their operations directed at South Korea, placing particular emphasis on individuals, private companies, embassies, and diplomatic personnel. Mustang Panda remained the most active, targeting governmental institutions and maritime transportation companies via Korplug loaders and malicious USB drives. DigitalRecyclers continued targeting EU governmental entities, employing the KMA VPN anonymization network and deploying the RClient, HydroRShell, and GiftBox backdoors. PerplexedGoblin used its new espionage backdoor, which ESET named NanoSlate, against a Central European government entity, while Webworm targeted a Serbian government organization using SoftEther VPN, emphasizing the continued popularity of this tool among China-aligned groups.
Elsewhere in Asia, North Korea-aligned threat actors were particularly active in financially motivated campaigns. DeceptiveDevelopment significantly broadened its targeting, using fake job listings primarily within the cryptocurrency, blockchain, and finance sectors. The group employed innovative social engineering techniques to distribute the multiplatform WeaselStore malware. The Bybit cryptocurrency theft, attributed by the FBI to TraderTraitor APT group, involved a supply-chain compromise of Safe{Wallet} that caused losses of approximately USD 1.5 billion. Meanwhile, other North Korea-aligned groups saw fluctuations in their operational tempo: In early 2025, Kimsuky and Konni returned to their usual activity levels after a noticeable decline at the end of 2024, shifting their targeting away from English-speaking think tanks, NGOs, and North Korea experts to focus primarily on South Korean entities and diplomatic personnel; and Andariel resurfaced, after a year of inactivity, with a sophisticated attack against a South Korean industrial software company.
Iran-aligned APT groups maintained their primary focus on the Middle East region, predominantly targeting governmental organizations and entities within the manufacturing and engineering sectors in Israel. Additionally, ESET observed a significant global uptick in cyberattacks against technology companies, largely attributed to increased activity by North Korea-aligned DeceptiveDevelopment.
'The highlighted operations are representative of the broader threat landscape that we investigated during this period. They illustrate the key trends and developments, and contain only a small fraction of the cybersecurity intelligence data provided to customers of ESET APT reports,' adds Boutin.
Intelligence shared in the private reports is primarily based on proprietary ESET telemetry data and has been verified by ESET researchers, who prepare in-depth technical reports and frequent activity updates detailing activities of specific APT groups. These threat intelligence analyses, known as ESET APT Reports PREMIUM, assist organizations tasked with protecting citizens, critical national infrastructure, and high-value assets from criminal and nation-state-directed cyberattacks. More information about ESET APT Reports PREMIUM and its delivery of high-quality, actionable tactical and strategic cybersecurity threat intelligence is available at the ESET Threat Intelligence page.
Related Articles


Gulf Today, 6 hours ago
Putin is doing to Trump what Trump does to everyone else
John M. Crisp, Tribune News Service Russian President Vladimir Putin did something odd on May 24: He launched 367 drones and missiles against a number of Ukrainian cities, including Kyiv. At least 12 people were killed, including children, and dozens were injured. I'm calling this odd—hold that thought for a moment—but there's nothing unusual about it. The only person who appears to be surprised by another Russian attack on Ukrainian civilians was President Donald Trump, who said, 'I've always had a very good relationship with Vladimir Putin of Russia, but something has happened to him. He has gone absolutely CRAZY!' Trump added that Putin is 'needlessly killing a lot of and drones are being shot into Cities in Ukraine, for no reason whatsoever.' Trump gets the 'needlessly killing a lot of people' part right. He seems to be discovering what everyone already knows: Putin is a killer. He's not just an indifferent perpetrator of collateral damage in an unjust war, he's a murderer who doesn't hesitate to use violence to eliminate political enemies. This is the man that Trump calls 'a strong leader.' But Trump also seems to recognize the odd part of Putin's attacks on Ukrainian civilians, calling them 'Not necessary, and very bad timing.' Putin is winning the war in Ukraine. His most decisive victory occurred on Nov. 5, 2024, when Trump was elected president. The coalition organized by former President Joe Biden to resist Putin's unprovoked attack on Ukraine was seriously undermined by the election. Trump has not only threatened to cut off American aid to Ukraine and alienated Europeans who support Ukraine, but he has suggested a false, sickening equivalence of blame for this war. Putin is still a long way from his goal, which is complete control of Ukraine and, at least, some of the Baltic states. 
But the 'peace' plan that would be acceptable to Trump and Putin—Ukraine is a different matter—would provide the pause in the war that would allow Putin to consolidate his gains, reconstitute and rearm his military and plan his much-desired reestablishment of some version of the sphere of influence that the Soviet Union enjoyed. So why, with this tactical victory within reach, would Putin commit war crimes against Ukrainian civilians, risking a reawakening of American resistance to his war on Ukraine or, more likely, strengthening European resolve, in lieu of help from the United States, to preserve the liberal world order established after World War II? Here's my theory: Interactions among nations are often driven by rational motivations that emerge from competing economic interests. Nations tend to fight over resources. Sometimes conflicts develop over rival ideologies, but even they often have economic foundations. But sometimes wars are initiated and prolonged by the personalities and temperaments of national leaders, which helps explain why we fought so long in Vietnam or invaded Iraq, at all. Putin is a cruel criminal. But he's also a bully, a warped alpha male. He knows he's got the upper hand in Ukraine, but it's not enough just to win, he has to humiliate and dominate. To rub his opponents' noses in their defeats. Killing a few civilians without any useful military purpose is a small price for Putin to pay in order to demonstrate his dominance. And nothing gratifies an alpha male more than humiliating another alpha male. Compared to Putin, Trump is an amateur. Still, Trump is in a position to have an appreciation for some of Putin's motivations: Just winning is never enough for Trump, either. Civilization faces two daunting crises, compared with which all others—immigration, the global economy, the commercialization of the presidency—are insignificant. 
Climate change is a genuine threat to civilization or, at least, to the sort of life that we've grown to enjoy. The other great crisis is the ideological battle between the values that the US cultivated and nurtured after World War II—democracy, freedom of speech, rule of law, tolerance, legitimate elections—and the opposite values largely embraced by our adversaries. That conflict is being played out in Ukraine. Unfortunately, the outcomes of both crises are in considerable doubt.


Zawya, 13 hours ago
Microsoft offers to boost European governments' cybersecurity for free
Microsoft is offering free of charge to European governments a cybersecurity programme, launched on Wednesday, to bolster their defences against cyber threats, including those enhanced by artificial intelligence, it said. After a surge in cyberattacks in Europe, many linked to state-sponsored actors from China, Iran, North Korea and Russia, the programme aims to boost intelligence-sharing on AI-based threats and help to prevent and disrupt attacks. "If we can bring more to Europe of what we have developed in the United States, that will strengthen cybersecurity protection for more European institutions," Microsoft President Brad Smith told Reuters in an interview. "You're going to see other things we are doing later in the month." Increasingly, attackers employ generative AI to amplify the scale and impact of their operations that range from disrupting critical infrastructure to spreading disinformation. Although malicious actors have weaponised AI, Smith said AI also offered defensive tools. "We don't feel that we have seen AI that has evaded our ability to detect the use of AI or the threats more broadly," Smith said. "Our goal needs to be to keep AI advancing as a defensive tool faster than it advances as an offensive weapon," he said. Microsoft tracks any malicious use of AI models it releases and prevents known cybercriminals from using its AI products. AI-driven deepfakes have included a portrayal of Ukrainian President Volodymyr Zelenskiy capitulating to Russian demands in 2022 and a fake audio recording in 2023 that influenced the Slovakian election. Smith said so far audio had been easier to fake than video. (Reporting by Supantha Mukherjee in Stockholm; editing by Barbara Lewis)


Zawya, 13 hours ago
ESET named a notable provider in latest European MDR Landscape report
Dubai, UAE: ESET, a global leader in cybersecurity solutions, is proud to announce its recognition as a 'Notable Provider' in Forrester's recently released The Managed Detection and Response Services in Europe Landscape, Q2 2025 report. The report provides an overview of 26 MDR providers and serves as a strategic guide for security and risk (S&R) professionals seeking to navigate the evolving European MDR landscape. As outlined in the report*, Forrester defines MDR services as: 'Services that augment extended detection and response (XDR) tools with telemetry from network, identity, cloud, APIs, applications, and other log sources to produce high-fidelity detections, conduct investigations, support remote incident response, enable security automation, initiate threat hunts to identify adversaries that circumvent security controls, and help improve their clients' overall security posture.' In our view, ESET's inclusion in the report underscores its growing influence in the European cybersecurity market and reaffirms the company's commitment to delivering high-quality, proactive threat detection and response capabilities.
'We are proud to be recognized by Forrester as a Notable Provider in the European MDR landscape,' said Michal Jankech, Vice President, Enterprise & SMB/MSP, at ESET. 'For us, this acknowledgment is a testament to the relentless dedication of our global teams and our unwavering commitment to protecting organizations across Europe with cutting-edge, resilient cybersecurity solutions. As the threat landscape becomes increasingly complex and adversaries more sophisticated, we believe that MDR must evolve beyond traditional detection and response. At ESET, we are focused on delivering intelligent and cost-effective services that not only detect threats but also empower organizations to respond with speed, precision, and confidence.'
The European MDR market is becoming increasingly competitive and mature, leading customers to demand better services at lower costs. To stay competitive, providers are innovating with their offerings and pricing. As a consequence, S&R professionals will have a wide range of provider options to consider. The Forrester report identifies three major dynamics shaping the MDR market in Europe, all of which align closely with ESET's MDR offerings:
- European firms consider XDR an essential capability: ESET's XDR-enabling solution delivers comprehensive, transparent threat visibility and response across endpoints, networks, and applications. Backed by over 30 years of cybersecurity innovation, it combines multilayered protection, intelligent automation, and expert-level customization.
- AI helps fill talent gaps in detection, but not response: Complemented by expert insights, ESET effectively integrates AI into its MDR offerings through ESET AI Advisor. This tool delivers real-time, personalized threat insights, simplifies complex data for all skill levels, and boosts efficiency by automating routine tasks, empowering faster, smarter threat response.
- Niche regional providers leverage localization and specialization to compete with dominant players: Leveraging its Central European roots, ESET delivers highly localized, regulation-aligned cybersecurity solutions across EMEA.
*Forrester: The Managed Detection And Response Services In Europe Landscape, Q2 2025. Tope Olufon with Jinan Budge, Min Say, Angela Lozada, Bill Nagel. May 1, 2025.
Discover more about ESET MDR services and XDR solutions. The full report is available to Forrester clients with a valid subscription or for purchase. Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester's objectivity here.
About ESET
ESET® provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of emerging global cyberthreats, both known and unknown, securing businesses, critical infrastructure, and individuals. Whether it's endpoint, cloud or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. The ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit or follow our social media, podcasts and blogs.
Media Contact
Sanjeev, Vistar Communications, PO Box 127631, Dubai, UAE. Email: sanjeev@