Category: ESET research
-
ESET APT Activity Report Q4 2025–Q1 2026
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026
-
Webworm: New burrowing techniques
ESET researchers describe new tools and techniques that the Webworm APT group recently added to its arsenal
-
FrostyNeighbor: Fresh mischief and digital shenanigans
ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the group’s continual cyberespionage operations
-
Fake call logs, real payments: How CallPhantom tricks Android users
ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history “for any number” and had been downloaded more than seven million times before being taken down
-
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games
-
GopherWhisper: A burrow full of malware
ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian governmental institutions
-
New NGate variant hides in a trojanized NFC payment app
ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI
-
EDR killers explained: Beyond the drivers
ESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable drivers
-
Sednit reloaded: Back in the trenches
The resurgence of one of Russia’s most notorious APT groups
-
PromptSpy ushers in the era of Android threats using GenAI
ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow
-
DynoWiper update: Technical analysis and attribution
ESET researchers present technical details on a recent data destruction incident affecting a company in Poland’s energy sector
-
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation
-
ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025
The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper
-
Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component
A comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of mass exploitation
-
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan
ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions
-
ESET Threat Report H2 2025
A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
-
MuddyWater: Snakes by the riverbank
MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook
-
PlushDaemon compromises network devices for adversary-in-the-middle attacks
ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks
-
ESET APT Activity Report Q2 2025–Q3 2025
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025
-
Gamaredon X Turla collab
Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine
-
Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass
UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal
-
GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes
ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results
-
First known AI-powered ransomware uncovered by ESET Research
The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threats
-
Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability
ESET Research discovered a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents; the weaponized archives exploited a path traversal flaw to compromise their targets
-
ToolShell: An all-you-can-eat buffet for threat actors
ESET Research has been monitoring attacks involving the recently discovered ToolShell zero-day vulnerabilities
-
Unmasking AsyncRAT: Navigating the labyrinth of forks
ESET researchers map out the labyrinthine relationships among the vast hierarchy of AsyncRAT variants
-
Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset
ESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout 2024
-
ESET APT Activity Report Q4 2024–Q1 2025: Malware sharing, wipers and exploits
ESET experts discuss Sandworm’s new data wiper, UnsolicitedBooker’s relentless campaigns, attribution challenges amid tool-sharing, and other key findings from the latest APT Activity Report
-
ESET Threat Report H1 2025
A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
-
BladedFeline: Whispering in the dark
ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig