China-Aligned Threat Actors Remain Highly Active Worldwide

ESET Research has released its latest Advanced Persistent Threat (APT) Activity Report, covering the period from October 2025 to March 2026. The report provides an overview of the activities of select threat actors, highlighting their tactics, techniques, and procedures (TTPs).

The report notes that China-aligned groups remained highly active worldwide, conducting espionage campaigns in response to geopolitical developments affecting Beijing's economic and security interests. These campaigns targeted various sectors, including maritime, energy, and political affairs. For example, the FamousSparrow group targeted a Venezuelan governmental entity connected to maritime affairs, likely to monitor the resilience of oil shipments after the US intervention.

Additionally, the report notes that North Korea-aligned threat actors continued to target developers and the cryptocurrency ecosystem with social engineering schemes. The Andariel group also reemerged in attacks against South Korea, deploying TigerRAT and attempting to spread Rook ransomware within an engineering company.