ESET Research Uncovers Widespread APT Activity from October 2025 to March 2026
ESET Research has released its latest APT Activity Report, providing insights into the activities of various threat groups from October 2025 to March 2026. The report highlights the growing presence of China-aligned threat actors, who have been observed conducting espionage campaigns in several countries, including Venezuela and South Korea. These campaigns are believed to be linked to Beijing's economic and security interests.
China-aligned FamousSparrow targeted a Venezuelan governmental entity connected to maritime affairs, likely to monitor the resilience of oil shipments after the US intervention. In South Korea, UNC5221's SPAWN malware family was used against an AI and robotics company, which aligns with Beijing's interest in strategic technologies under the Made in China 2025 industrial development policy.
North Korea-aligned threat actors remained active on several fronts, targeting developers and the cryptocurrency ecosystem with social engineering schemes. The Andariel group reemerged in attacks against South Korea, deploying TigerRAT and attempting to spread Rook ransomware within an engineering company connected to liquid hydrogen handling and nuclear power.




