
APT ACTIVITY REPORT T3 2022

2023-01-31, ESET
https://www.welivesecurity.com/wp-content/uploads/2023/01/eset_apt_activity_report_t32022.pdf
eset_apt_activity_report_t32022.pdf, 3.9 MB

Contents

APT ACTIVITY REPORT T3 2022
SANDWORM DEPLOYING ITS ENHANCED WIPER ARSENAL

WeLiveSecurity.com
@ESETresearch
ESET GitHub


CONTENTS
3 EXECUTIVE SUMMARY

4 CHINA-ALIGNED ACTIVITY
Mustang Panda
Goblin Panda
MirrorFace
LuckyMouse

6 IRAN-ALIGNED ACTIVITY
APT35
MuddyWater
POLONIUM
WildPressure

8 NORTH KOREA-ALIGNED ACTIVITY
Konni
Lazarus
Andariel

10 RUSSIA-ALIGNED ACTIVITY
Callisto
Gamaredon
The Dukes
Sandworm — activities related to the Russia-Ukraine war

12 OTHER NOTABLE APT ACTIVITY
SturgeonPhisher
ESET APT ACTIVITY REPORT T3 2022 | 2


EXECUTIVE SUMMARY
Welcome to the T3 2022 issue of the ESET APT Activity Report!

This report summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from September until the end of December (T3) 2022.

In the monitored timespan, Russia-aligned APT groups continued to be particularly involved in operations targeting Ukraine, deploying destructive wipers and ransomware. Among many other cases, we detected the infamous Sandworm group using a previously unknown wiper against an energy sector company in Ukraine. APT groups are usually operated by a nation-state or by state-sponsored actors; the described attack happened in October, in the same period as the Russian armed forces started launching missile strikes targeting energy …