An overview

• Geopolitical Tensions: Regional stability issues, such as political conflicts and economic tensions, have a direct impact on cyber threats. As geopolitical events unfold, threat actors adapt their strategies to exploit vulnerabilities.
• Attack Trends: While no groundbreaking attack methods have emerged, existing techniques continue to evolve. Advanced Persistent Threat (APT) groups remain active, targeting government entities, critical infrastructure, and private organizations.
• Leading Actors: ESET’s research identifies Russia-aligned APT groups as the most prolific attackers. Their sophisticated campaigns target various sectors, including energy, finance, and defense. China-aligned actors follow closely, focusing on espionage and intellectual property theft.

The current landscape

A recent analysis from threat intelligence analysts ESET claims that threat actors are increasing their attacks worldwide, with geographic events determining which locations are most heavily targeted. The principal author of the research recommends that CISOs to intensify their protection plans in light of the activity, even if he claims that no new attack techniques have been discovered.

The director of threat research at ESET, Jean-Ian Boutin said  that current attack methods "still work well." Thus, attackers don't always need to use innovative vectors. According to Boutin, CISOs are defending against these attacks properly; they only need to fortify themselves even more.

Impact on regional stability

The researchers claim that because the primary worldwide assault trends that ESET has identified have been directly impacted by regional stability difficulties, these challenges are also affecting the cyber sphere. The report focuses on activities of specific advanced persistent threat (APT) groups from October 2023 to March 2024, the experts said in the report.

Researchers from ESET also observed that organizations connected with Russia were concentrating on espionage activities throughout the European Union in addition to assaults against Ukraine.

Along with operations against Ukraine, ESET researchers also saw that entities connected with Russia were concentrating on espionage across the European Union. However, the researchers noted that several threat actors with ties to China took use of flaws in software and public-facing hardware, including firewalls and VPNs, as well as Confluence and Microsoft Exchange Server, to gain first access to targets across a variety of sectors.

Analysis of attacks

Using emotions to keep the assault from being disclosed is one of the more recent strategies ESET is witnessing in North Korea; this will probably increase the tactic's usefulness and duration. According to Boutin, the method has been used for years, but North Korean APT organizations are making a small adjustment.

Under the guise of a job application, the hack targets programmers and other technical talent at numerous significant US corporations. The victim is exposed to the malware and the trap is set when the attacker poses as a recruiter for such companies and requests that the victims complete an online test to demonstrate their technical proficiency.

Implications for CISOs

• Defense Strategies: Organizations must strengthen their defense mechanisms. Proactive threat intelligence, robust network security, and employee training are essential. Zero-day vulnerabilities and supply chain attacks require constant vigilance.
• Threat Attribution: Understanding threat actors’ motivations and affiliations is crucial. Attribution helps tailor defenses and prioritize resources effectively. Collaboration among security professionals and law enforcement agencies is vital.
• Risk Assessment: Organizations should assess their risk exposure based on geopolitical events. Consider the impact of regional instability on critical assets and operations. Regular risk assessments inform decision-making.