ESET Resource Center

APT Activity Report Q4 2022 - Q1 2023: Lazarus Extends Targeting to All Major Desktop OSes

May 2023

ESET APT Activity Report Q4 2022–Q1 2023 summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from October 2022 until the end of March 2023.

The Report covers several APT groups, including China-aligned, India-aligned, Iran-aligned, and North Korea-aligned threat actors. Russia-aligned APT actors were especially active in Ukraine and EU countries, with Sandworm deploying wipers (including a new one that we call SwiftSlicer), and Gamaredon, Sednit, and the Dukes utilizing spearphishing emails that, in the case of the Dukes, led to the execution of a red team implant known as Brute Ratel.

A selection of the countries and regions affected by the APT groups described in this Report:

  • Australia
  • Bulgaria
  • China
  • Egypt
  • India
  • Israel
  • Namibia
  • Poland
  • Sudan
  • Taiwan
  • United Kingdom
  • United States
  • Ukraine

Targeted business verticals include:

  • Data management companies
  • Defense contractors
  • Diplomats
  • Educational institutions
  • Energy sector
  • Financial services
  • Gambling companies
  • Governmental organizations
  • Healthcare
  • Hospitality
  • Media
  • Research institutes

Note that a small portion of the report also mentions some events previously covered in APT Activity Report T3 2022. This stems from our decision to release this report on a semi-annual basis, with the current issue encompassing Q4 2022 and Q1 2023, while the forthcoming edition will cover Q2 and Q3 2023.

The malicious activities described in ESET APT Activity Report Q4 2022–Q1 2023 are detected by ESET products; shared intelligence is based mostly on proprietary ESET telemetry and has been verified by ESET Research.

ESET APT Activity Reports only contain a fraction of the cybersecurity intelligence data provided in the ESET APT Reports PREMIUM. For more information, visit the ESET Threat Intelligence website.
