APT Activity Report Q4 2023–Q1 2024

The ESET Research podcast episode delves into the significant findings from the Q4 2023–Q1 2024 ESET Advanced Persistent Threat (APT) Activity Report. A major reveal is the association of the I-SOON data leak with cyberespionage activities connected to China, specifically identifying the group FishMonger, which gained notoriety for its cyberattacks on Hong Kong universities in 2019. The leak further reveals this group’s involvement in developing a tracking platform for gambling activities, a measure deemed illegal in China, enabling the Ministry of Public Safety to monitor and potentially penalize citizens.

In addition to FishMonger, the report highlights another China-aligned group, Mustang Panda, which has broadened its targeting range over the past two years, extending its operations to the US and Europe. Notable attacks from this group include targeting cargo shipping companies in Norway, Greece, and the Netherlands, where malware was detected on ship systems, with some instances of infection originating from USB devices.

The report also addresses the escalation of activities by Iran-aligned groups, particularly following the Hamas-led attack on Israel in 2023. These groups have intensified their operations against Israeli targets, employing tactics such as access brokering—selling accessed data on the dark market—and implementation of impactful attacks using ransomware or data-wiping malware. Despite the increase in operational frequency, the report indicates a concerning decline in the qualitative efficacy of these operations, especially regarding the MuddyWater group, which has shifted towards more overt attacks.

The podcast features a discussion between Aryeh Goretsky and ESET Principal Malware Researcher Robert Lipovský, further unpacking these findings and their implications. Listeners gain insights into various cyber threats and trends, showcasing ESET’s ongoing commitment to tracking APT activities globally.

The report encompasses various other topics, including a psychological operation campaign against Ukraine, a watering-hole attack on a regional news website in Gilgit-Baltistan, and spearphishing campaigns by North Korean affiliates aimed at South Korean entities.

For continued updates on cybersecurity trends and developments, ESET encourages followers to engage with their research on social media platforms. The conversation in the podcast emphasizes the evolving landscape of cyber threats and the need for ongoing vigilance and response strategies in the face of increasing aggressions from APT groups.