ESET APT Activity Report Q4 2025–Q1 2026
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026
Using chatbots for medical advice could elicit hallucinations and even expose you to security and privacy risks. Here’s what’s at stake and how to stay safe.
The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise
Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data
ESET researchers describe new tools and techniques that the Webworm APT group recently added to its arsenal
Conflict is a boon for opportunistic fraudsters. Look out for their ploys.
ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the group’s continual cyberespionage operations
ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games
Warnings about helpdesk impersonation scams and Iran-linked hackers targeting critical sectors in the US, plus the most damaging scams of 2025 - here's some ...
A breach claims the systems as well as the confidence that was, in retrospect, a major vulnerability
ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian governmental institutions
ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI
An attack is what you see, but a business operation is what you’re up against
Ignoring a real breach notification invites risk, but falling for a bogus one could be even worse. Stop reacting on autopilot.
Your biggest risk may be a vendor you trust. How can SMBs map their third-party blind spots and build operational resilience?
If you’ve been a victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse.
Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy.
Fraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay.
The past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a well-thought-out cyber-resilience plan
This year, AI agents took center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up with