Cybersecurity

cross-posted from: https://lemmy.sdf.org/post/35083943

Archived

Advanced persistent threat (APT) groups with ties to China have become persistent players in the cyber espionage landscape, with a special emphasis on European governmental and industrial entities, according to a thorough disclosure from ESET’s APT Activity Report for Q4 2024 to Q1 2025.

The report, covering activities from October 2024 to March 2025, highlights the sophisticated tactics and tools employed by these threat actors to infiltrate sensitive networks.

[...]

These diverse and innovative techniques illustrate the persistent dedication of China-aligned APTs to espionage, often prioritizing long-term access over immediate financial returns.

The ESET report emphasizes that the highlighted operations are merely a snapshot of the broader threat landscape, with intelligence derived from proprietary telemetry data and verified by expert researchers.

The sustained focus on European targets by these APT groups signals a strategic intent to gather sensitive political and industrial intelligence, potentially influencing geopolitical dynamics.

[...]

KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.

This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.

Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.

This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.

EU High Level Group (established by EU commission) recommends forcing all devices in the EU to be sold with ”integrated Law Enforcement access” (page 21, recommendation 25) and sanctioning non-EU approved messaging services (recommendation 33)

• AI media generation is a significant trend in how we use the Internet in 2025. Kling AI is a widely used platform, with 6 million users since its launch in June 2024.
• A threat actor mimicked Kling AI and drove traffic to a convincing fake website via counterfeit Facebook pages and paid ads.
• User submissions of a text prompt or image on this fake site produce a seemingly innocent media file whose filename uses Hangul Filler characters to conceal an executable.
• In some cases, the executable’s loader used .NET Native AOT compilation for stealth. Executing it installs an infostealer with monitoring capabilities.
• This campaign has a global reach, with victims reported across multiple regions, most notably in Asia.