ESET APT Activity Report Q2–Q3 2023
ESET APT Activity Report Q2–Q3 2023 summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from April 2023 until the end of September 2023. In the monitored timespan, we observed a notable strategy among APT groups: exploiting known vulnerabilities to exfiltrate data from governmental entities or related organizations. Russia-aligned Sednit and Sandworm, North Korea-aligned Konni, and geographically unattributed Winter Vivern and SturgeonPhisher seized the opportunity to exploit vulnerabilities in WinRAR (Sednit, SturgeonPhisher, and Konni), Roundcube (Sednit and Winter Vivern), Zimbra (Winter Vivern), and Outlook for Windows (Sednit) to target various governmental organizations in Ukraine, Europe, and Central Asia. Regarding China-aligned threat actors, GALLIUM probably exploited weaknesses in Microsoft Exchange servers or IIS servers, extending its targeting from telecommunications operators to government organizations around the world; MirrorFace probably exploited vulnerabilities in the Proself online storage service; and …