APT Activity Report Q1 2025: Malware sharing, data wiping and exploits

In the latest ESET Research Podcast, Aryeh Goretsky and Rene Holt dive into key findings from the APT Activity Report. UnsolicitedBooker, a China-aligned group, showcased relentless persistence by repeatedly attempting to compromise the same organization for several years with its MarsSnake backdoor. Meanwhile, tool-sharing among China-aligned actors like Worok continues to blur attribution, with overlapping activities involving groups such as LuckyMouse and TA428. On the Russia-aligned front, Sednit expanded Operation RoundPress to exploit multiple webmail platforms, Gamaredon kept up its relentless obfuscation efforts in Ukraine, and Sandworm unleashed its ZEROLOT wiper again, erasing critical files of its victims. Aryeh and Rene also discuss the financial schemes of North Korea-aligned groups and the noisy yet coordinated efforts of Iran-aligned actors.

Listen to the full episode or download the report on WeLiveSecurity.com.

Host: Aryeh Goretsky, ESET Distinguished Researcher

Guest: René Holt, Security Awareness Specialist

Read more at WeLiveSecurity.com and @ESETresearch on Twitter

APT Activity Report Q1 2025