- Official Post
Today, in our latest APT Activity Report, we reveal a spearphishing campaign that impersonated ESET and tried to abuse our good reputation with Ukrainian organizations.
Conducted by the Russia-aligned actor InedibleOchotense, the campaign used emails and Signal messages with links to ESET-themed malicious websites that delivered a trojanized ESET installer. If executed, the downloaded ZIP archive delivered both ESET’s legitimate AV Remover tool and the Kalambur backdoor malware.
But that is not all for Russia-aligned threats. The report also details several campaigns by RomCom exploiting two chained zero-days in Mozilla and Windows and another zero-day in WinRAR.
While Gamaredon continued its typical high-volume activity targeting Ukraine, we also observed far more atypical behavior: the first known instance of Gamaredon cooperating with Turla. This observed collaboration is especially striking considering that Russian intelligence services are known for their fierce internal rivalries.
At the same time, China-aligned APT groups did not sit idly by. FamousSparrow, a China-aligned group, was particularly active against governmental entities in at least five Latin American countries. This sudden change in their victimology (we had previously observed their activity in the Americas, but mostly north of the Equator) could be part of China’s reaction to recent US initiatives in the region.