TTPwire Vol. 1 · MITRE ATT&CK·Tagged

ESET WeLiveSecurity

ESET APT Activity Report Q2 2025–Q3 2025

2025-11-06

ATT&CK techniques detected

3 predictions
T1566.002 Spearphishing Link
88%
“campaign involved emails and signal messages delivering a trojanized eset installer that leads to the download of a legitimate eset product along with the kalambur backdoor. finally, notable activities by lesser-known groups included frostyneighbor exploiting an xss vulnerabili…”
T1566.002 Spearphishing Link
51%
“##gato also introduced an interesting twist to its campaign by leveraging dll-search-order hijacking to steal credentials. north korea-aligned threat actors targeted the cryptocurrency sector and, notably, expanded their operations to uzbekistan – a country not previously o…”
T1566.001 Spearphishing Attachment
48%
“##gato also introduced an interesting twist to its campaign by leveraging dll-search-order hijacking to steal credentials. north korea-aligned threat actors targeted the cryptocurrency sector and, notably, expanded their operations to uzbekistan – a country not previously o…”

Summary

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025.