State-sponsored threat actors linked to China, Iran, Russia and North Korea have been very busy in the past six months: report

Other APT activity trends

In the telemetry data analyzed, other countries involved in APT attacks include:

    • Russia: Groups aligned with the country have been found to focus their activities on espionage within the European Union, and on attacks against Ukraine. One instance is the Operation Texonto campaign, a disinformation and psychological operation aimed at spreading false information about Russian election-related protests and the situation in eastern Ukraine’s Kharkiv to foster uncertainty among the Ukrainians domestically and abroad.
    • China: Threat actors aligned with the country have been exploiting vulnerabilities in public-facing appliances, such as VPNs and firewalls, and in Confluence and Microsoft Exchange Server, for initial access to targets in multiple verticals. Based on the data leak from Chinese security services company I-SOON (Anxun), it is evident that the Chinese contractor is indeed engaged in cyberespionage, through activities traced to the “FishMonger group”. Also, a new China-aligned APT group, CeranaKeeper, has been noted, distinguished by unique traits possibly connected with the Mustang Panda group.
    • North Korea: Aligned groups have continued to target aerospace and defense firms and the cryptocurrency industry during the period of data analysis. The APT analyses also included the exploitation of a zero-day vulnerability in Roundcube by Winter Vivern, a group assessed to be aligned with the interests of Belarus. Additionally, a campaign in the Middle East carried out by SturgeonPhisher has been linked to the APT interests of Kazakhstan.