Researchers at ESET observed strengthened cyber-offensive activity from Russian groups, especially against Ukrainian and European entities
Analysis Summary
# Threat Actor: Russian APT Groups (Fancy Bear, Gamaredon, Sandworm)
## Attribution & Identity
Attribution is focused on Russian-aligned/backed advanced persistent threat (APT) groups. Specific groups mentioned active during the period are Fancy Bear, Gamaredon, and Sandworm.
## Activity Summary
Russian APT groups intensified malicious cyber activity, particularly against Ukraine and the European Union (EU), during late 2024 to early 2025 (October 2024 – March 2025). This escalation involved the exploitation of zero-day vulnerabilities and the deployment of wipers.
## Tactics, Techniques & Procedures
- Exploiting zero-day vulnerabilities.
- Deploying new wiper malware.
## Targeting
- Sectors: Not explicitly detailed for the Russian groups in the provided snippet; the context of APT activity and wiper deployment implies government and critical-infrastructure targets.
- Geography: Ukraine and the European Union (EU).
- Victims: Not named in the provided excerpt for the Russian actors; the general context indicates entities within the EU and Ukraine.
## Tools & Infrastructure
- Malware families used: Wipers (newly deployed).
- Infrastructure (C2, domains, IPs): Not specified in detail in the provided text snippet.
## Implications
The intensified activity, highlighted by the use of zero-day exploits and destructive wipers, signifies a high level of hostile intent and capability targeting nations aligned against Russian interests, particularly within Europe. This suggests a readiness to cause significant disruption and data destruction.
## Mitigations
- Continuous monitoring for exploitation attempts and prompt patching once fixes for exploited zero-day vulnerabilities become available.
- Preparation and recovery planning for potential wiper attacks, including robust, segmented, and offsite backups.