Nation-State Hackers Rely on Spear Phishing as Primary Attack Technique

A recent report from ESET has revealed that most nation-state threat actors are relying on spear phishing as a primary means of initial access against their targets. The cybersecurity firm analyzed attacks in the second and third quarters of 2024, finding that state-sponsored Advanced Persistent Threats (APTs) from China, Russia, Iran, and North Korea used social engineering tactics to compromise vulnerable organizations.
Among these nations, Iranian threat actors continued to conduct cyber espionage against countries across the Middle East, Europe, and the US. They also expanded their targeting to financial companies in Africa, highlighting a strategic interest in securing economic leverage.
ESET warns that Iran-aligned groups may be using cyber capabilities for diplomatic espionage and potentially supporting kinetic operations. The researchers discovered that these groups compromised several financial services firms in Africa, conducted cyber espionage against Iraq and Azerbaijan, and escalated their focus on the transportation sector in Israel.
The Russian threat actor Sednit, also known as "APT28" or "Fancy Bear," launched targeted phishing attacks designed to compromise Roundcube servers across various sectors. ESET observed new spear phishing waves directed against governmental, academic, and defense-related entities in several countries.
In a contrasting approach, North Korean threat actors rely on establishing trust with their victims by offering phony employment opportunities before tricking them into installing malware. This deceptive tactic involves multiple stages, allowing for the establishment of a relationship before introducing malicious packages.
According to ESET, the report highlights the evolving nature of cyber threats and emphasizes the importance of robust security measures in protecting individual organizations and nation-states alike.