Login
ESET APT Activity Report Q4 2025βQ1 2026
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026
Reading view
Webworm: New burrowing techniques
ESET researchers describe new tools and techniques that the Webworm APT group recently added to its arsenal
FrostyNeighbor: Fresh mischief and digital shenanigans
ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the groupβs continual cyberespionage operations
Fake call logs, real payments: How CallPhantom tricks Android users
ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history βfor any numberβ and had been downloaded more than seven million times before being taken down
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games
GopherWhisper: A burrow full of malware
ESET Research has discovered a new China-aligned APT group that weβve named GopherWhisper, which targets Mongolian governmental institutions
New NGate variant hides in a trojanized NFC payment app
ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI
EDR killers explained: Beyond the drivers
ESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable drivers
Sednit reloaded: Back in the trenches
The resurgence of one of Russiaβs most notorious APT groups
PromptSpy ushers in the era of Android threats using GenAI
ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow
DynoWiper update: Technical analysis and attribution
ESET researchers present technical details on a recent data destruction incident affecting a company in Polandβs energy sector
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation
ESET Research: Sandworm behind cyberattack on Polandβs power grid in late 2025
The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper
Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component
A comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of mass exploitation
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan
ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions
ESET Threat Report H2 2025
A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
MuddyWater: Snakes by the riverbank
MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook
PlushDaemon compromises network devices for adversary-in-the-middle attacks
ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks
ESET APT Activity Report Q2 2025βQ3 2025
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025
Gotta fly: Lazarus targets the UAV sector
ESET research analyzes a recent instance of the Operation DreamJob cyberespionage campaign conducted by Lazarus, a North Korea-aligned APT group
