ESET Report Details State-Sponsored APT Campaigns Targeting Oil, Drones, and Poisoned Code Libraries
ESET's latest APT Activity Report reveals state-sponsored campaigns by Chinese, North Korean, Russian, and Iranian groups that targeted oil shipments and drone manufacturers and included a poisoned code library.

ESET's APT Activity Report for October 2025–March 2026 provides a comprehensive overview of state-sponsored cyber campaigns driven by geopolitical pressures. The report highlights attacks by groups aligned with China, North Korea, Russia, and Iran against oil shipments and drone manufacturers, as well as a poisoned code library incident. These campaigns reflect the strategic priorities of their respective governments, focusing on economic and security concerns.
In Asia, the campaigns primarily targeted governmental organizations, strategic industries, and advanced technology sectors. Chinese APT groups were observed targeting oil shipments and drone manufacturers, likely to gain intelligence on supply chains and military capabilities. North Korean groups continued their focus on cryptocurrency and financial theft, while Russian groups targeted critical infrastructure and government entities.
In the Middle East, Israel remained the principal focus of Iranian cyber operations. Iranian groups conducted espionage campaigns against Israeli defense and technology sectors, using sophisticated malware and social engineering tactics. The report also notes a poisoned code library incident, in which attackers inserted malicious code into a widely used open-source library, affecting multiple downstream projects.
The report underscores the evolving tactics of APT groups, including the use of supply chain attacks, zero-day exploits, and living-off-the-land techniques. ESET researchers observed increased collaboration between state-sponsored groups and cybercriminal organizations, blurring the lines between espionage and financially motivated attacks.
ESET's findings emphasize the need for organizations to adopt proactive threat intelligence and robust security measures. The report recommends implementing multi-factor authentication, regular patching, and network segmentation to mitigate the risk of APT attacks. Additionally, organizations should monitor for indicators of compromise (IoCs) provided in the report to detect potential intrusions.
The full ESET APT Activity Report is available for download, providing detailed analysis of each campaign, including technical descriptions, IoCs, and MITRE ATT&CK mappings. Security teams are urged to review the report and update their defenses accordingly.