Attacks on the education sector are surging: How can cyber-defenders respond?

Business Security. Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What is the right antidote to cyber-risk? Phil Muncaster, 14 Apr 2025, 5 min. read. We all want the best possible education for our children. But even the best-laid plans can come unstuck when confronted with an agile, persistent and devious adversary. Nation state-aligned actors and cybercriminals represent one of the biggest threats to schools, colleges and…

When IT meets OT: Cybersecurity for the physical world

Critical Infrastructure. While relatively rare, real-world incidents impacting operational technology highlight that organizations in critical infrastructure cannot afford to dismiss the OT threat. Phil Muncaster, 14 Mar 2025, 4 min. read. Amid all the high-profile data breaches and ransomware attacks on IT systems in recent years, the threat to business-critical operational technology (OT) is still often underestimated. Yet attacking tech systems that interface with the physical world is the quickest way to achieve…

Funding Expires for Key Cyber Vulnerability Database

A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program — which is traditionally funded each year by the Department of Homeland Security — expires on April 16. A letter from MITRE vice president Yosry Barsoum,…

AI’s biggest surprises of 2024 | Unlocked 403 cybersecurity podcast (S2E1)

Here is what has been hot on the AI scene over the past 12 months, how it is changing the face of warfare, and how you can fight AI-powered scams. 17 Mar 2025. The second season of the Unlocked 403 cybersecurity podcast kicks off with a familiar face: ESET Security Evangelist Ondrej Kubovič, who also appeared on the podcast’s inaugural episode. Picking up where they left off this time last year, Becks and Ondrej discuss what’s been…

Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor

In August 2024, ESET researchers detected cyberespionage activity carried out by the China-aligned MirrorFace advanced persistent threat (APT) group against a Central European diplomatic institute in relation to Expo 2025, which will be held in Osaka, Japan. Known primarily for its cyberespionage activities against organizations in Japan, to the best of our knowledge, this is the first time MirrorFace intended to infiltrate a European entity. The campaign, which we uncovered in Q2 and Q3 of…

MirrorFace updates toolset, expands targeting to Europe

The group’s Operation AkaiRyū begins with targeted spearphishing emails that use the upcoming World Expo 2025 in Osaka, Japan, as a lure. 18 Mar 2025. The China-aligned MirrorFace APT group has targeted a Central European diplomatic institute, marking the first time the group has attempted to infiltrate an entity in Europe, ESET research has found. In keeping with its previous campaigns, Operation AkaiRyū (Japanese for RedDragon) begins with carefully crafted spearphishing…

Trump Revenge Tour Targets Cyber Leaders, Elections

President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs’s employer SentinelOne, comes as CISA is facing huge funding and staffing cuts. The extraordinary April 9 memo directs the…

Operation FishMedley

On March 5, 2025, the US DOJ unsealed an indictment against employees of the Chinese contractor I‑SOON for their involvement in multiple global espionage operations. Those include attacks that we previously documented and attributed to the FishMonger APT group, I‑SOON’s operational arm, including the compromise of seven organizations that we identified as being targeted in a 2022 campaign that we named Operation FishMedley. Key points of this blogpost: Verticals targeted during Operation FishMedley…

You will always remember this as the day you finally caught FamousSparrow

In July 2024, ESET Research noticed suspicious activity on the system of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate the compromise, we made an unexpected discovery in the victim’s network: malicious tools belonging to FamousSparrow, a China-aligned APT group. There had been no publicly documented FamousSparrow activity since 2022, so the group was thought to be inactive. Not only was FamousSparrow still active…

Shifting the sands of RansomHub’s EDRKillShifter

ESET researchers take a look back at the significant changes in the ransomware ecosystem in 2024 and focus on the newly emerged and currently dominating ransomware-as-a-service (RaaS) gang, RansomHub. We share previously unpublished insights into RansomHub’s affiliate structure and uncover clear connections between this newly emerged giant and well-established gangs Play, Medusa, and BianLian. We also emphasize the emerging threat of EDR killers, unmasking EDRKillShifter, a custom EDR killer developed and maintained by RansomHub. We…