An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026
Tag: ESET
AI, china, Europe, Global Security News, Government & Policy
Webworm APT targets European government organizations with new backdoors
ESET has released an analysis of the 2025 activity of Webworm, a China-aligned APT group tracked as Space Pirates and UAT-8302. Active since at least 2022, the group initially focused on targets in Asia, but has recently expanded its operations into Europe. ESET observed Webworm targeting government organizations in Belgium, Italy, Poland, Serbia, and Spain…
Global Security News
Webworm: New burrowing techniques
ESET researchers describe new tools and techniques that the Webworm APT group recently added to its arsenal
AI, china, Europe, Global Security News, Government & Policy, malware, Network Security, Russia
Ghostwriter group resumes attacks on Ukrainian Government targets
ESET uncovered new Ghostwriter (aka FrostyNeighbor) activity targeting Ukrainian government organizations in a campaign active since March 2026. ESET researchers published a new report documenting fresh activity attributed to the APT group FrostyNeighbor, aka Ghostwriter, active since at least March 2026, targeting Ukrainian governmental organizations. The campaign is similar to previous FrostyNeighbor’s campaigns. The threat…
AI, Global Security News
FrostyNeighbor: Fresh mischief and digital shenanigans
ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the group’s continual cyberespionage operations
AI, Global Security News
Fake call logs, real payments: How CallPhantom tricks Android users
ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history “for any number” and had been downloaded more than seven million times before being taken down
AI, Global Security News
North Korean APT Targets Yanbian Gamers via Trojanized Platform
ESET warns that North Korean hackers compromised a Yanbian gaming site in a supply‑chain attack, trojanizing Windows and Android software to spy on users
Global Security News
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games
AI, china, Global Security News, Government & Policy, malware
GopherWhisper: new China-linked APT targets Mongolia with Go-based malware
ESET found a new China-linked APT, tracked as GopherWhisper, targeting Mongolia using Go-based malware, loaders, and backdoors. ESET researchers uncovered a new China-aligned APT group called GopherWhisper, targeting government institutions in Mongolia. The group’s arsenal includes a range of tools mainly written in Go, such as loaders and injectors, which are used to deploy multiple…
china, Global Security News, Government & Policy
GopherWhisper: A burrow full of malware
ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian governmental institutions
AI, Global Security News, malware
New NGate variant hides in a trojanized NFC payment app
ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI
Global Security News
Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year
Most UK manufacturers compromised last year suffered financial loss, says ESET
AI, Endpoint, Global Security News
ESET introduces Cloud Workload Protection, bringing XDR visibility to cloud environments
ESET has launched ESET Cloud Workload Protection as part of a comprehensive update for its ESET PROTECT Platform. The new module extends security beyond endpoints and servers to cover cloud workloads, enriching telemetry for detection and response while unifying security management across endpoint and cloud environments. “Many businesses, especially those in the midmarket, as well…
Global Security News
EDR killers explained: Beyond the drivers
ESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable drivers
AI, Global Security News, Russia
This spy tool has been quietly stealing data for years
ESET researchers have traced the resurgence of Sednit through a modern toolkit built around two complementary implants, BeardShell and Covenant, each relying on a separate cloud provider to ensure operational resilience. This dual-implant architecture has enabled sustained surveillance of Ukrainian military personnel since at least April 2024. The Sednit group itself was tied to Unit…
Global Security News
How SMBs use threat research and MDR to build a defensive edge
We speak to Director of ESET Threat Research Jean-Ian Boutin about where solutions that blend advanced technology with human expertise provide the most practical value for businesses
AI, Global Security News, malware
PromptSpy: First Android malware to use generative AI in its execution flow
ESET researchers have discovered PromptSpy, the first known Android malware to abuse generative AI as part of its execution flow in order to achieve persistence. This marks the first time generative AI has been deployed in this way. Because the attackers rely on prompting an AI model, specifically Google’s Gemini, to guide malicious UI manipulation,…
AI, Global Security News, malware
PromptSpy ushers in the era of Android threats using GenAI
ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, International, malware, Network Security, News, Risk Management, Threats
Fake Dating App Delivers Android Spyware in Targeted Campaign
ESET researchers have uncovered a targeted Android spyware campaign using a fake dating app to lure victims into installing mobile surveillance malware. The campaign, focused on users in Pakistan, disguises spyware as a chat platform that promises access to exclusive profiles but instead quietly exfiltrates sensitive data from infected devices. “Once installed, the app silently…