Russia-linked Hackers Intensify Attacks - APT Activities Shift Globally

Author: Help Net Security | Source: Russia-linked hackers intensify attacks as global APT activity shifts | Publication Date: November 6, 2025 | Summary Reading Time: 4 minutes

Executive Summary

State-sponsored hacker groups have drastically intensified their cyber activities in the last six months, with Russia leading with 40% of all APT activities and primarily targeting Ukraine and EU supporters. China is strategically expanding into Latin America (26% of activities), while Iran develops innovative internal phishing techniques and North Korea combines espionage with profit motives. Recommended Action: Companies must immediately strengthen their cyber defenses, particularly against zero-day exploits and adversary-in-the-middle attacks.

Core Issue & Context

The ESET APT Activity Report (April-September 2025) documents a significant escalation in state-sponsored cyberattacks. Geopolitical tensions are increasingly manifesting in cyberspace, with traditional boundaries between espionage, sabotage, and cybercrime blurring.

Key Facts & Figures

  • 40% of all APT activities originate from Russian groups
  • 26% of attacks are attributed to Chinese actors
  • 14% of global activity is attributed to North Korean groups
  • 8% of campaigns are Iran-linked
  • RomCom exploited a zero-day vulnerability in WinRAR (since patched)
  • New regional expansion: China focuses on 5 Latin American countries
  • Sandworm deploys destructive malware (ZEROLOT, Sting) against Ukrainian infrastructure

Stakeholders & Affected Parties

Primary affected sectors:

  • Financial services and manufacturing (Europe/Canada)
  • Energy and logistics companies (Ukraine, Central Asia)
  • Government agencies (Latin America, Middle East)
  • Defense industry and grain sector
  • Cryptocurrency developers (North Korea target group)

Geographic hotspots: Ukraine, EU states, Latin America, Central Asia, Middle East

Opportunities & Risks

Risks:

  • Escalation of attack sophistication: AiTM techniques and supply chain compromises
  • Expanded attack surfaces through internal phishing and cloud storage abuse
  • Economic sabotage of Ukrainian war economy by Russia
  • Geopolitical cyber spillover effects on third countries

Opportunities:

  • Improved threat intelligence through detailed APT attribution
  • Proactive defense against known TTPs possible
  • International cyber cooperation becomes critical success factor

Action Relevance

Immediate measures:

  • Patch WinRAR installations (the exploited zero-day has been fixed by the vendor)
  • Secure update processes against AiTM attacks
  • Strengthen internal email security (Iran tactics)
  • Update Roundcube webmail (CVE-2024-42009)
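The two patching items above only help if you can find the machines that are still behind. The following is an added example, not code from the article or from ESET, of a small patch-baseline check: it reads a software inventory and reports every host whose installed version of a tracked product is below a defender-maintained minimum. The inventory rows and the baseline version numbers are constructed placeholders; the real minimum versions must be taken from the vendor advisories for the WinRAR zero-day and CVE-2024-42009.

```python
"""Patch-baseline compliance check over a software inventory.

Added example (not from the ESET report or the article). Compares installed
versions from an inventory export against a minimum-version baseline and
returns the hosts that are still below it. All hosts, versions and baseline
values below are CONSTRUCTED PLACEHOLDERS, not real data.
"""
from __future__ import annotations

import csv
import io
import re

# Constructed inventory export (host, product, installed version).
INVENTORY_CSV = """host,product,version
ws-001,WinRAR,7.12
ws-002,WinRAR,7.01
mail-01,Roundcube,1.6.7
mail-02,Roundcube,1.6.8
ws-003,7-Zip,24.08
"""

# Minimum acceptable version per tracked product. PLACEHOLDER values:
# replace each with the fixed release named in the vendor advisory.
BASELINE = {
    "WinRAR": "7.12",      # placeholder for the WinRAR release that fixes the zero-day
    "Roundcube": "1.6.8",  # placeholder for the Roundcube release that fixes CVE-2024-42009
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '1.6.8', '7.01' or '1.6.8-beta1' into a tuple of integers."""
    nums = tuple(int(n) for n in re.findall(r"\d+", text))
    if not nums:
        raise ValueError(f"no numeric version component in {text!r}")
    return nums


def is_below(installed: str, minimum: str) -> bool:
    """True if installed < minimum, padding shorter tuples with zeros so that
    '7.12' and '7.12.0' compare equal instead of '7.12' sorting lower."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def find_noncompliant(csv_text: str, baseline: dict[str, str]) -> list[tuple[str, str, str, str]]:
    """Return (host, product, installed, required) for every inventory row whose
    product is tracked in the baseline and whose version is below the minimum.
    Products absent from the baseline are ignored."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        required = baseline.get(row["product"])
        if required is None:
            continue
        if is_below(row["version"], required):
            findings.append((row["host"], row["product"], row["version"], required))
    return findings


if __name__ == "__main__":
    for host, product, installed, required in find_noncompliant(INVENTORY_CSV, BASELINE):
        print(f"{host}: {product} {installed} is below required {required}")
```

Feed it a real inventory export (the same three columns) and the real advisory versions, and the output is the patch work list; the zero-padding in `is_below` matters because many inventory tools emit versions with a different number of components than the advisory does.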

Strategic adjustments:

  • Supply chain security for software installations
  • Enhanced monitoring for unusual internal communication
  • Employee awareness training for social engineering (especially crypto sector)

Verification Status: ✅ Facts verified on November 6, 2025