APT ACTIVITY REPORT T3 2022
SANDWORM DEPLOYING ITS ENHANCED WIPER ARSENAL
WeLiveSecurity.com
@ESETresearch
ESET GitHub

CONTENTS
3   EXECUTIVE SUMMARY
4   CHINA-ALIGNED ACTIVITY
    Mustang Panda
    Goblin Panda
    MirrorFace
    LuckyMouse
6   IRAN-ALIGNED ACTIVITY
    APT35
    MuddyWater
    POLONIUM
    WildPressure
8   NORTH KOREA-ALIGNED ACTIVITY
    Konni
    Lazarus
    Andariel
10  RUSSIA-ALIGNED ACTIVITY
    Callisto
    Gamaredon
    The Dukes
    Sandworm — activities related to the Russia-Ukraine war
12  OTHER NOTABLE APT ACTIVITY
    SturgeonPhisher
ESET APT ACTIVITY REPORT T3 2022 | 2
EXECUTIVE SUMMARY
Welcome to the T3 2022 issue of the ESET APT Activity Report!
This report summarizes the activities of selected advanced persistent threat (APT) groups that
were observed, investigated, and analyzed by ESET researchers from September until the end of
December (T3) 2022.
In the monitored timespan, Russia-aligned APT groups continued to be particularly involved in operations targeting Ukraine, deploying destructive wipers and ransomware. Among many other cases,
we detected the infamous Sandworm group using a previously unknown wiper against an energy
sector company in Ukraine. APT groups are usually operated by a nation-state or by state-sponsored
actors; the described attack happened in October, in the same period as the Russian armed forces
started launching missile strikes targeting energy …