ESET Resource Center

APT Activity Report Q4 2023–Q1 2024: Iran-aligned Cyberattacks - Rise in Disruptive Operations

May 2024

APT Activity Report Q4 2023–Q1 2024: Iran-aligned Cyberattacks - Rise in Disruptive Operations

This APT Activity Report summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from October 2023 until the end of March 2024. The highlighted operations are representative of the broader landscape of threats ESET Research has investigated during this period, illustrating key trends and developments.

After the Hamas-led attack on Israel in October 2023, and throughout the ongoing war in Gaza, ESET has detected a significant increase in activity from Iran-aligned threat groups. Russia-aligned groups have focused their activities on espionage within the European Union and attacks against Ukraine. 

On the other hand, several China-aligned threat actors exploited vulnerabilities in public-facing appliances, such as VPNs and firewalls, and software, such as Confluence and Microsoft Exchange Server, for initial access to targets in multiple verticals. North Korea-aligned groups continued to target aerospace and defense companies and the cryptocurrency industry.

The report also describes the exploitation of a zero-day vulnerability in Roundcube by Winter Vivern, a group ESET assesses to be aligned with the interests of Belarus. Additionally, ESET spotlights a campaign in the Middle East carried out by SturgeonPhisher, a group ESET researchers believe to be aligned with the interests of Kazakhstan.

Read the full APT Activity Report Q4 2023 - Q1 2024 to learn more!

ESET products protect our customers’ systems from the malicious activities described in this report. Intelligence shared here is primarily based on proprietary ESET telemetry data and has been verified by ESET researchers, who prepare in-depth technical reports and frequent activity updates detailing activities of specific APT groups.

These threat intelligence analyses, known as ESET APT Reports PREMIUM, assist organizations tasked with protecting citizens, critical national infrastructure, and high-value assets from criminal and nation-state-directed cyberattacks. This report contains only a fraction of the cybersecurity intelligence data provided to customers of ESET’s private APT reports.

Don't miss out



Cybersecurity in an AI-turbocharged Era

AI can be used for both good and evil. Find out how it transforms the world of digital security, how cybercriminals use it, and how ESET leverages the technology to keep you secured.



Prevention first: Minimizing the Attack Surface and Closing Compliance Gaps

Prevention is key when protecting your company against threats. Learn about mobile protection, cloud protection, and the benefits of managing them from one console.



ESET a 'Leader' in IDC MarketScape 2024

ESET has been recognized as a 'Leader' and twice as a Major Player in three Modern Endpoint Security IDC MarketScape reports. Learn more!

Ready for next step?

Enter the world of enterprise protection