June 2022

Inspect the T1 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. First of all, several interesting observations occur when speaking about the unprovoked war against Slovakia’s eastern neighbor. Ukraine is resisting attacks not only in the physical world but also in cyberspace.

Shortly before the Russian invasion, ESET telemetry recorded one of two sharp drops in RDP attacks. The decline in these attacks might have a connection to the war in Ukraine. However, even with this reduction, almost 60% of the incoming RDP attacks seen in T1 2022 came from Russia. At the same time, according to our telemetry, Russia has become the top targeted country. Unsurprisingly, the war has also been noticeably exploited by spam and phishing threats. Immediately after the invasion on February 24, scammers started to take advantage of people trying to support Ukraine by using fictitious charities and fundraisers as lures.

Apart from that, ESET’s researchers also observed the return of the infamous malware called Emotet that had been previously seemingly taken down. The past months were also full of interesting research findings. Our researchers uncovered – among other things – the abuse of kernel driver vulnerabilities; high‑impact UEFI vulnerabilities; cryptocurrency malware targeting Android and iOS devices; and the campaigns of Mustang Panda, Donot Team, Winnti Group, and the TA410 APT group. Explore much more insights in the ESET Threat Report T1 2022 to see the full picture.