China-aligned APT Groups Target Global Maritime and Tech Sectors Amid Geopolitical Tensions

ESET's APT Activity Report (Oct 2025–Mar 2026) documents China-aligned and other state-linked actors conducting targeted espionage and destructive operations across maritime, energy, AI/robotics and government sectors. Notable activity includes FamousSparrow and UNC5221 (SPAWN) operations against Venezuelan maritime entities and South Korean tech firms, use of TigerRAT and Rook ransomware against nuclear-related engineering firms, exploitation of Ivanti VPN appliances and a poisoned JavaScript library, and a rise in operations targeting Israel; the report recommends patching, targeted detections, network segmentation, and monitoring of sector-specific assets.