Russia

Marking the one year anniversary of Russia's invasion of Ukraine: Russia continues to target Ukraine in cyber attacks

• CERT-UA releases alert stating it has recorded a number of targeted cyber attacks by the Russian APT Gamaredon on Ukrainian state authorities and critical information infrastructure.
• CERT-UA releases alert stating Russia-linked actors (UAC-0056) breached multiple Ukrainian government websites, using a web shell that was created no later than December 23, 2021 to deploy multiple backdoors.
• It was reported the Russian cyber espionage group known as Nodaria (UAC-0056) is using a new info-stealer called Graphiron against Ukrainian targets.

China

Targeted cyber espionage against European and Asian organizations 

• CERT-EU and ENISA release a joint alert warning of Chinese APTs, including APT27, APT30, APT31, Ke3chang, GALLIUM and Mustang Panda, targeting EU organizations.
• Symantec releases research on the Chinese BlackFly APT (aka APT41, Winnti) targeting materials technology companies in Asia to steal intellectual property (IP).

Iran

Stealing credentials in the Middle East

• Trend Micro releases a report on a new APT34 backdoor malware targeting the Middle East in December 2022 in order to steal users' credentials. 

North Korea

Using ransomware for profit and spying on South Korean users

• CISA releases an alert on North Korean threat actors using ransomware to target healthcare organizations in order to fund its weapons programs. 
• Sources report suspected North Korean threat actors targeted a journalist in South Korea with a malware-laced Android app called RambleOn as part of a social engineering campaign.