APT ACTIVITY REPORT T2 2022
AEROSPACE AND DEFENSE INDUSTRIES AMONG TARGETS
WeLiveSecurity.com
@ESETresearch
ESET GitHub
CONTENTS
EXECUTIVE SUMMARY
RUSSIA-ALIGNED ACTIVITY
Gamaredon
InvisiMole
The Dukes
Turla
Activities related to the Russia-Ukraine war
Sandworm
Callisto
Turla
Other activities in Ukraine
CHINA-ALIGNED ACTIVITY
SparklingGoblin
Activity targeting the US defense sector
MirrorFace
Mustang Panda
Websiic activity cluster
IRAN-ALIGNED ACTIVITY
POLONIUM
APT35
Agrius
APT-C-50
OilRig
NORTH KOREA-ALIGNED ACTIVITY
Lazarus
Kimsuky
Konni
CONCLUSION
ESET APT ACTIVITY REPORT T2 2022 | 2
EXECUTIVE SUMMARY
Welcome to the inaugural issue of the ESET APT Activity Report!
This report summarizes the activities of selected advanced persistent threat (APT) groups that were
observed, investigated, and analyzed by ESET researchers from May until the end of August 2022
(T2 2022). Comprehensive descriptions of activities described in this document were initially provided
exclusively to our premium customers, along with extensive lists of IoCs, MITRE ATT&CK techniques,
YARA rules, CVEs and other information.
APT groups are usually operated by a nation-state or by state-sponsored actors. Their aim is to
breach the security of governments, high-profile individuals, or strategic companies, and to evade
detection in order to harvest highly confidential data. These groups possess advanced …