Information

Here’s what’s been hot on the AI scene over the past 12 months, how it’s changing the face of warfare, and how you can fight AI-powered scams 17 Mar 2025 The second season of the Unlocked 403 cybersecurity podcast kicks off with a familiar face – ESET Security Evangelist Ondrej Kubovič, who also appeared on the podcast’s inaugural episode. Picking up where they left off this time last year, Becks and Ondrej discuss what’s been…

Read More

In August 2024, ESET researchers detected cyberespionage activity carried out by the China-aligned MirrorFace advanced persistent threat (APT) group against a Central European diplomatic institute in relation to Expo 2025, which will be held in Osaka, Japan. Known primarily for its cyberespionage activities against organizations in Japan, to the best of our knowledge, this is the first time MirrorFace intended to infiltrate a European entity. The campaign, which we uncovered in Q2 and Q3 of…

Read More

The group’s Operation AkaiRyū begins with targeted spearphishing emails that use the upcoming World Expo 2025 in Osaka, Japan, as a lure 18 Mar 2025 The China-aligned MirrorFace APT group has targeted a Central European diplomatic institute, marking the first time this China-aligned APT group has attempted to infiltrate an entity in Europe, ESET research has found. In keeping with its previous campaigns, Operation AkaiRyū (which is Japanese for RedDragon) begins with carefully crafted spearphishing…

Read More

On March 5th, 2025, the US DOJ unsealed an indictment against employees of the Chinese contractor I‑SOON for their involvement in multiple global espionage operations. Those include attacks that we previously documented and attributed to the FishMonger APT group – I‑SOON’s operational arm – including the compromise of seven organizations that we identified as being targeted in a 2022 campaign that we named Operation FishMedley. Key points of this blogpost: Verticals targeted during Operation FishMedley…

Read More

In July 2024, ESET Research noticed suspicious activity on the system of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate the compromise, we made an unexpected discovery in the victim’s network: malicious tools belonging to FamousSparrow, a China-aligned APT group. There had been no publicly documented FamousSparrow activity since 2022, so the group was thought to be inactive. Not only was FamousSparrow still active…

Read More

ESET researchers take a look back at the significant changes in the ransomware ecosystem in 2024 and focus on the newly emerged and currently dominating ransomware-as-a-service (RaaS) gang, RansomHub. We share previously unpublished insights into RansomHub’s affiliate structure and uncover clear connections between this newly emerged giant and well-established gangs Play, Medusa, and BianLian. We also emphasize the emerging threat of EDR killers, unmasking EDRKillShifter, a custom EDR killer developed and maintained by RansomHub. We…

Read More

ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions 27 Mar 2025 ESET research has released a deep-dive analysis of changes in the ransomware ecosystem in 2024, focusing especially on RansomHub, a new but highly prolific ransomware-as-a-service (RaaS) gang. Among other things, the report features previously unpublished insights into RansomHub’s affiliate structure and uncovers connections between this gang and its peers, such…

Read More

Once thought to be dormant, the China-aligned group has also been observed using the privately-sold ShadowPad backdoor for the first time 27 Mar 2025 The FamousSparrow APT group has infiltrated a trade group in the financial sector in the United States, a research institute in Mexico, and a governmental institution in Honduras, according to new ESET research. While assisting one of the affected entities with the remediation of the attack, ESET’s experts found that the…

Read More

Business Security Security awareness training doesn’t have to be a snoozefest – games and stories can help instill ‘sticky’ habits that will kick in when a danger is near Tomáš Foltýn 28 Mar 2025  •  , 5 min. read Let me start with an attempt at a story: Sarah’s eyes darted across the email subject line, which read: “URGENT: Payment Needed – Action Required”. It was 4 p.m. on a Friday, and the CEO’s name…

Read More