APT Quarterly Highlights : Q2 2024

2024-07-19, Cyfirma
https://www.cyfirma.com/research/apt-quarterlyhighlights-q2-2024/
#Trend #Andariel #Kimsuky #MoonstoneSleet #Lazarus

Contents

In the second quarter of 2024, Advanced Persistent Threat (APT) groups from China, North Korea, Iran, and Russia demonstrated a surge in dynamic and innovative cyber activities, significantly challenging the global cybersecurity landscape.
Starting with Iran, its state-sponsored threat actors exhibited advanced capabilities across various regions and sectors. Void Manticore (Storm-842) targeted Israeli organizations and Albania with destructive attacks and data theft, using custom wipers and web shells. MuddyWater focused on the Middle East, employing spear-phishing and remote monitoring tools to infiltrate the aviation and energy sectors. APT42 (Mint Sandstorm) impersonated journalists to gather intelligence in the US, Europe, and the Middle East, using custom backdoors such as TAMECAT and NICECURL, underscoring the persistent and evolving threat from Iranian cyber actors.
Russian threat actors also demonstrated advanced cyber-espionage capabilities. APT28 (Forest Blizzard) targeted Polish government institutions with spear-phishing and DLL side-loading, exploiting CVE-2022-38028. Sandworm (APT44) used the Kapeka backdoor in attacks on Eastern Europe, …