ESET APT Activity Report Q2 2024–Q3 2024
APT Activity Report
ABUSING CLOUD SERVICES AND VPN PLATFORMS IN THE PURSUIT OF NEW PREY
April 2024 – September 2024
(eset):research
ESET APT ACTIVITY REPORT
APRIL 2024 - SEPTEMBER 2024 | 2
Contents
Executive summary
Attackers and targets
China-aligned groups
SoftEther VPN: A tool of choice for China-aligned APT groups
MirrorFace expands its reach: Europe now in the crosshairs
CloudSorcerer’s operations traced back to 2022
Iran-aligned groups
From cyber-support to diplomatic and kinetic operations
Continued interest in being the intrusive neighbor
North Korea-aligned groups
Abusing cloud services
Building relationships before the attack
Abuse of Microsoft Management Console
Russia-aligned groups
An increase in XSS spearphishing attacks against Zimbra and Roundcube
Russia-Ukraine war
Other
FrostyNeighbor
WPS Office for Windows vulnerability – APT-C-60
Linux toolset in Yemen
About ESET
Executive summary
Welcome to the latest issue of the ESET APT Activity Report!
This report summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET
organizations in the EU, and noticed GALLIUM deploying
mass destruction programs. These groups continued their
SoftEther VPN …
IoC