APT Activity Report Q1 2025: Malware sharing, data wiping and exploits
In the latest ESET Research Podcast, Aryeh Goretsky and René Holt dive into key findings from the APT Activity Report. UnsolicitedBooker, a China-aligned group, showcased relentless persistence by repeatedly attempting to compromise the same organization for several years with its MarsSnake backdoor. Meanwhile, tool sharing among China-aligned actors such as Worok continues to blur attribution, with overlapping activities involving groups such as LuckyMouse and TA428. On the Russia-aligned front, Sednit expanded Operation RoundPress to exploit multiple webmail platforms, Gamaredon kept up its relentless obfuscation efforts in Ukraine, and Sandworm unleashed its ZEROLOT wiper again, erasing critical files on its victims' systems. Aryeh and René also discuss the financial schemes of North Korea-aligned groups and the noisy yet coordinated efforts of Iran-aligned actors.
Listen to the full episode or download the report on WeLiveSecurity.com.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guest: René Holt, Security Awareness Specialist
Read more at WeLiveSecurity.com and @ESETresearch on Twitter
APT Activity Report Q1 2025
--------
34:06
Threat Report H2 2024: Infostealers, novel vector for mobile, Nomani
In H2 2024, the infostealer scene went through a shakeup that reshaped the top 10: Formbook dethroned Agent Tesla, Lumma Stealer jumped up the ranks by using a new distribution tactic, and both RedLine Stealer and Meta Stealer lost ground after takedowns. There is also a novel attack vector that works for both Android and iOS devices, misusing technologies that allow mobile users to install apps directly from websites in their mobile browsers. And let's not forget the booming numbers of investment scams on social media, detected as HTML/Nomani. Of course, this podcast episode can only cover so much of the latest ESET Threat Report H2 2024. Visit WeLiveSecurity to read about the other topics it covers.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guest: Ondrej Kubovič, Security Awareness Specialist
Read more at WeLiveSecurity.com and @ESETresearch on Twitter
ESET Threat Report H2 2024
--------
38:26
Telekopye, again
Neanderthals hunting Mammoths are back. Of course, we're not talking about some Jurassic-Park-like technology that resurrected them in a remote region. No, this episode of the ESET Research Podcast returns to the malicious operation of dozens of cybercriminal groups (Neanderthals) targeting inexperienced users (Mammoths) on online marketplaces, using a malicious Telegram bot known as Telekopye. Discussing the topic, ESET Research Podcast host Aryeh Goretsky and ESET malware researchers Radek Jizba and Jakub Souček revisit and update the information ESET has gathered about this cybercriminal ecosystem, explain the most frequent scenarios used by the attackers, and map out their expanded hunting grounds. For full information, read ESET's recently published white paper on WeLiveSecurity.com.
Host:
Aryeh Goretsky, ESET Distinguished Researcher
Guests:
Jakub Souček, ESET Senior Malware Researcher
Radek Jizba, ESET Senior Malware Researcher
Materials:
Blog post: Telekopye transitions to targeting tourists via hotel booking scam
White paper: Marketplace scams: Neanderthals hunting Mammoths with Telekopye
--------
30:24
Gamaredon
When describing state-backed threat actors, one would probably expect a highly sophisticated, stealthy group that can avoid all alarms and defenses with surgical precision. With Gamaredon, most of that goes out the window: this is a noisy, extremely active Russia-aligned group that does not care whether defenders uncover its activities. However, it is also an actor that develops and improves its cyberespionage tools and techniques literally every day. If you want to know more about Gamaredon's modus operandi, victimology, tooling, or estimated geolocation, listen to the discussion between ESET researchers Robert Lipovský and Zoltán Rusnák. For full details, read ESET's recently published white paper on WeLiveSecurity.com.
Host:
Aryeh Goretsky, ESET Distinguished Researcher
Guests:
Robert Lipovský, ESET Principal Malware Researcher
Zoltán Rusnák, ESET Senior Malware Researcher
Materials:
ESET blog post on Gamaredon activity in 2022 and 2023
ESET white paper on Gamaredon activity in 2022 and 2023
SSU report on activities of Gamaredon
--------
23:24
CosmicBeetle
Some cybercriminals are sophisticated, cooperate with other attackers, and do everything they can to stay under the radar. Then there are threat actors like CosmicBeetle that lack the necessary skill set, yet still manage to compromise systems and even achieve "stealth" by using odd, impractical, and overcomplicated techniques. If you want to know more about this crude and clumsy actor, listen to ESET senior malware researcher Jakub Souček discuss his research findings with our host, Distinguished Researcher Aryeh Goretsky. For a detailed report on CosmicBeetle, visit WeLiveSecurity.com.
Host:
Aryeh Goretsky, ESET Distinguished Researcher
Guest:
Jakub Souček, ESET Senior Malware Researcher
Materials:
CosmicBeetle steps up: Probation period at RansomHub