ESET APT Activity Report Q4 2025–Q1 2026

ESET's Q4 2025–Q1 2026 APT Activity Report outlines global activity by China-, Iran-, North Korea-, and Russia-aligned actors and several unattributed clusters, describing espionage campaigns, malware families (including PhiliKit, TigerRAT, Asin), a supply-chain compromise of the widely used axios JavaScript library, destructive wipers and ransomware affecting critical infrastructure, and targeting of strategic sectors such as energy, maritime, defense, and technology.