Between September and the end of December 2022, Russia-aligned advanced persistent threat (APT) groups continued to be involved in operations targeting Ukraine, deploying destructive wipers and ransomware, according to the APT Activity Report released by ESET Research. The report, which summarizes discoveries about select APT groups, also found that Goblin Panda, a China-aligned group, started to duplicate Mustang Panda’s interest in European countries, and Iran-aligned groups continued to operate at a high volume.
In Ukraine, ESET detected the infamous Sandworm group using a previously unknown wiper against an energy sector company. Nation-state or state-sponsored actors usually operate APT groups. The described attack happened in October, in the same period that Russian armed forces began launching missile strikes targeting energy infrastructure. While the report is not able to show that those events were coordinated, it suggests that Sandworm and the Russian military have related objectives.