ESET Resource Center

APT Activity Report Q4 2022 - Q1 2023: Lazarus Extends Targeting to All Major Desktop OSes

May 2023

APT Activity Report Q4 2022 - Q1 2023: Lazarus Extends Targeting to All Major Desktop OSes

ESET APT Activity Report Q4 2022–Q1 2023 summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from October 2022 until the end of March 2023.

In the Report, you can learn about several APT groups, including China-aligned, India-aligned, Iran-aligned, and North Korea-aligned threat actors. In the case of Russia-aligned APT actors and their operations, these were especially active in Ukraine and EU countries, with Sandworm deploying wipers (including a new one that we call SwiftSlicer), and Gamaredon, Sednit, and the Dukes utilizing spearphishing emails that, in the case of the Dukes, led to the execution of a red team implant known as Brute Ratel.

The selection of countries and regions that were affected by the APT groups described in this Report:

  • Australia
  • Bulgaria
  • China
  • Egypt
  • India
  • Israel
  • Namibia
  • Poland
  • Sudan
  • Taiwan
  • United Kingdom
  • United States
  • Ukraine

Targeted business verticals include:

  • Data management companies
  • Defense contractors
  • Diplomats
  • Educational institutions
  • Energy sector
  • Financial services
  • Gambling companies
  • Governmental organizations
  • Healthcare
  • Hospitality
  • Media
  • Research institutes

Note that a small portion of the report also mentions some events previously covered in APT Activity Report T3 2022. This stems from our decision to release this report on a semi-annual basis, with the current issue encompassing Q4 2022 and Q1 2023, while the forthcoming edition will cover Q2 and Q3 2023.

The malicious activities described in ESET APT Activity Report Q4 2022–Q1 2023 are detected by ESET products; shared intelligence is based mostly on proprietary ESET telemetry and has been verified by ESET Research.

ESET APT Activity Reports only contain a fraction of the cybersecurity intelligence data provided in the ESET APT Reports PREMIUM. For more information, visit the ESET Threat Intelligence website.

Don't miss out



Cybersecurity in an AI-turbocharged Era

AI can be used for both good and evil. Find out how it transforms the world of digital security, how cybercriminals use it, and how ESET leverages the technology to keep you secured.



Prevention first: Minimizing the Attack Surface and Closing Compliance Gaps

Prevention is key when protecting your company against threats. Learn about mobile protection, cloud protection, and...



Radicati APT Protection Market Quadrant 2024

ESET has been named a 'Top Player' by Radicati in the Advanced Persistent Threat Market Quadrant 2024. See the evaluation!

Ready for next step?

Enter the world of enterprise protection