ESET APT Activity Report Q4 2024–Q1 2025

2025-05-19 ESET

https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q4-2024-q1-2025/

Attachments

eset-apt-activity-report-q4-2024-q1-2025.pdf (1 MB)

ESET's Q4 2024-Q1 2025 APT activity report notes several North Korea-aligned operations with a strong financial motive. DeceptiveDevelopment expanded targeting across cryptocurrency, blockchain, and finance by using fake job listings, ClickFix techniques, and bogus GitHub issue posts to distribute the multiplatform WeaselStore malware. The Bybit cryptocurrency theft is described as an FBI-attributed TraderTraitor operation involving a Safe{Wallet} supply-chain compromise and approximately USD 1.5 billion in losses. ESET also observed Kimsuky and Konni returning to usual activity levels in early 2025 with greater focus on South Korean entities and diplomatic personnel, while Andariel resurfaced against a South Korean industrial software company.
