ESET APT Activity Report Q2 2025–Q3 2025
ESET APT Activity Report Q2 2025–Q3 2025 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from April through September 2025. The highlighted operations are representative of the broader landscape of threats we investigated during this period. They illustrate the key trends and developments and contain only a small fraction of the cybersecurity intelligence data provided to customers of ESET APT reports.
During the monitored period, China-aligned APT groups continued to advance Beijing’s geopolitical objectives. We observed an increasing use of the adversary-in-the-middle technique for both initial access and lateral movement, employed by groups such as PlushDaemon, SinisterEye, Evasive Panda, and TheWizards. In what appears to be a response to the Trump administration’s strategic interest in Latin America, and possibly also influenced by the ongoing US‑China power struggle, FamousSparrow embarked on a tour of Latin America, targeting multiple governmental entities in the region. Mustang …