
ESET APT Activity Report Q4 2022–Q1 2023

2023-05-09, ESET
https://www.welivesecurity.com/wp-content/uploads/2023/05/eset_apt_activity_report_q42022_q12023.pdf
eset_apt_activity_report_q42022_q12023.pdf, 4.3 MB
#Trend #Kimsuky #Andariel #ScarCruft

Contents

APT ACTIVITY REPORT Q4 2022–Q1 2023
LAZARUS EXTENDS TARGETING TO ALL MAJOR DESKTOP OSes


CONTENTS

EXECUTIVE SUMMARY

CHINA-ALIGNED ACTIVITY
Mustang Panda
Ke3chang
MirrorFace
Operation ChattyGoblin

INDIA-ALIGNED ACTIVITY
Donot Team
NewsPenguin
Other notable activities

IRAN-ALIGNED ACTIVITY
MuddyWater
OilRig
POLONIUM

NORTH KOREA-ALIGNED ACTIVITY
ScarCruft
Andariel
Kimsuky
Lazarus

RUSSIA-ALIGNED ACTIVITY
Gamaredon
Sandworm
Sednit
The Dukes
SaintBear

OTHER NOTABLE APT ACTIVITY
SturgeonPhisher
Winter Vivern


EXECUTIVE SUMMARY
Welcome to the latest issue of the ESET APT Activity Report!
This report summarizes the activities of selected advanced persistent threat (APT) groups that were observed,
investigated, and analyzed by ESET researchers from October 2022 until the end of March 2023. Attentive readers
will notice that a small portion of this report also mentions some events previously covered in APT Activity Report
T3 2022. This stems from our decision to release this report on a semi-annual basis, with the current issue
encompassing Q4 2022 and Q1 2023, while the forthcoming edition will cover Q2 and Q3 2023.
In the monitored timeframe, several China-aligned threat actors focused on European organizations, employing
tactics such as the deployment of …

IoC

8A50A4EE479D9BA2F5525FA899420B30296E3ED8
12103BC077F677AFB2BA7FAC6445DF3DD2F6DF00