ESET APT Activity Report Q4 2022­–Q1 2023

ESET APT Activity Report Q4 2022–Q1 2023

2023-05-09 • ESET •

https://www.welivesecurity.com/wp-content/uploads/2023/05/eset_apt_activity_report_q42022_q12023.pdf

#Trend #Andariel #Kimsuky #Scarcruft #T1027

Attachments

eset_apt_activity_report_q42022_q12023.pdf (4 MB)

Thumbnail for ESET APT Activity Report Q4 2022–Q1 2023

ESET’s Q4 2022–Q1 2023 APT activity report says North Korea-aligned groups ScarCruft, Andariel, and Kimsuky continued targeting South Korean and South Korea-related entities with established toolsets. The Lazarus section highlights a fake Boeing-themed job offer against employees of a defense contractor in Poland, a shift toward a data management company in India using an Accenture-themed lure, and Linux malware used in one Lazarus campaign. The broader report also notes that North Korean activity remained one part of a multi-actor APT landscape alongside China-, India-, Iran-, and Russia-aligned operations, so DPRK-specific tracking should focus on those North Korea-aligned sections rather than the full document.

Indicators of Compromise

Type	Value	First Seen	Last Seen
DOMAIN	blogs.blackberry.com	2021-02-28	2024-04-11
HASH	8a50a4ee479d9ba2f5525fa899420b3…	2023-05-09	2023-05-19
HASH	12103bc077f677afb2ba7fac6445df3…	2023-05-09	2023-05-09
HASH	53579094bd9bb9df2e140de6fc7c739…	2023-05-09	2023-05-09
HASH	c08bf05db87896a15ac1913ac96bd47…	2023-05-09	2023-05-09
URL	https://the.earth.li/~sgtatham/…	2023-05-09	2023-05-09
URL	https://telegra.ph/	2023-05-09	2023-05-09
DOMAIN	the.earth.li	2023-05-09	2023-05-09
DOMAIN	telegra.ph	2023-05-09	2023-05-09

Related Actors

Andariel

FSI

First seen: Jul 2017

Last seen: May 2026

Kimsuky

Kaspersky

First seen: Sep 2013

Last seen: Jun 2026

Scarcruft

Kaspersky

First seen: Jun 2016

Last seen: May 2026

Related Reports

2023-04-27 • 64% Match

APT trends report Q1 2023

Kaspersky

#Trend #Andariel #Scarcruft

Shares tags: Trend, Andariel, Scarcruft • Published within a month

2024-05-15 • 62% Match

ESET APT Activity Report Q4 2023–Q1 2024

ESET

#Trend #Andariel #Kimsuky #Scarcruft #Konni #WebLogTea

Shares tags: Trend, Andariel, Kimsuky • Same author: ESET

2023-05-24 • 56% Match

March 2023 Threat Trend Report on Kimsuky Group

Ahnlab

#Trend #Kimsuky #xRAT #LNK #OneNote

Shares tags: Trend, Kimsuky • Published within a month

2024-11-08 • 54% Match

ESET APT Activity Report Q2 2024–Q3 2024

ESET

#Trend #Kimsuky #Scarcruft #CitrineSleet #Lazarus #T1566.002 #T1566.001 #T1190 #T1189 #T1091 #T1212 #T1659

Shares tags: Trend, Kimsuky, Scarcruft • Same author: ESET

2024-07-19 • 52% Match

APT Quarterly Highlights : Q2 2024

Cyfirma

#Trend #Andariel #Kimsuky #MoonstoneSleet #Lazarus #T1082 #T1059.003 #T1090 #T1140 #T1005 #T1070.004 #T1041 #T1113 #T1555 #T1560 #T1071.001 #T1046 #T1112 #T1115 #T1083 #T1497 #T1056.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1555.003 #T1071 #T1124 #T1222 #T1552 #T1057 #T1583.003 #T1518.001 #T1547.001 #T1053.005 #T1539 #T1608.005 #T1583.001 #T1059.001 #T1053 #T1552.001 #T1566 #T1059 #T1003 #T1497.001 #T1102.001 #T1574.002 #T1562.001 #T1490 #T1486 #T1129 #T1133 #T1571 #T1548 #T1190 #T1203 #T1564.001 #T1087 #T1562.004 #T1218.011 #T1070.006 #T1547 #T1068 #T1614 #T1573 #T1095 #T1562 #T1070 #T1047 #T1056 #T1176 #T1010 #T1033 #T1569.002 #T1543.003 #T1485 #T1012 #T1202 #T1087.002 #T1021.004 #T1222.001 #T1518 #T1564.003 #T1505.003 #T1069.002 #T1564 #T1595.002 #T1027.005 #T1070.001 #T1056.004 #T1584

Shares tags: Trend, Andariel, Kimsuky

2022-11-30 • 51% Match

Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin

ESET

#Scarcruft #Dolphin #T1102.002 #T1082 #T1119 #T1567.002 #T1005 #T1113 #T1020 #T1071.001 #T1083 #T1056.001 #T1059.006 #T1059.007 #T1027 #T1555.003 #T1124 #T1518.001 #T1547.001 #T1053.005 #T1539 #T1203 #T1189 #T1016 #T1074.001 #T1106 #T1025 #T1055.002 #T1010 #T1033 #T1560.002 #T1016.001

Shares tags: Scarcruft, T1027 • Same author: ESET

« Back