ESET
ESET APT Activity Report April to September 2024
Pages
24
Time to read
32 mins
Publication
Language
English
This report documents the activities of various advanced persistent threat (APT) groups as observed by ESET researchers from April to September 2024. It outlines notable operations and trends among China-aligned, Iran-aligned, North Korea-aligned, and Russia-aligned groups. The report details how these groups have expanded their targeting strategies, including China-aligned MirrorFace's new focus on a diplomatic organization in the EU and the increased use of SoftEther VPN for maintaining access to victim networks. Iran-aligned groups are noted for their cyberespionage efforts, particularly against financial institutions in Africa and diplomatic entities in the US and France. North Korea-aligned actors are reported to continue their cyber operations against defense and aerospace sectors, while Russia-aligned groups are highlighted for their spearphishing campaigns targeting webmail servers. The report also discusses specific incidents and tools used by these groups, contributing to a broader understanding of the evolving threat landscape.