ESET APT Activity Report Q2 2025–Q3 2025
ID: 5ab5c329-46b8-5bf0-8daf-c625d0a50098
STIX ID: report--5ab5c329-46b8-5bf0-8daf-c625d0a50098
Feed Name: WeLiveSecurity (ESET Research)
ESET's APT Activity Report Q2–Q3 2025 summarizes active nation-state-aligned and other APT campaigns observed April–September 2025. It documents China-, Russia-, Iran-, and North Korea-aligned actors (and others) targeting government, energy, healthcare, maritime, financial, and academic sectors across multiple regions. Notable findings include a WinRAR zero-day exploited by RomCom, destructive wipers against Ukrainian targets, widespread spearphishing and adversary-in-the-middle techniques, credential and email stealers, new backdoors (e.g., BLOODALCHEMY, Kalambur), and an Android spyware family (Wibag) masquerading as YouTube.
