Roiling Geopolitical Stage Ramps Up Cyber Threats Worldwide: Eset
The report unveiled a hotbed of cyberattacks around the world fueled by political unrest and plain old greed.
Conflict and politics are increasing cyber threats across the globe, a new report from cybersecurity firm Eset found.
Eset researchers analyzed “notable” activity by advanced persistent threat (APT) groups from April to September 2025.
In summary, Eset’s APT Activity Report unveiled a hotbed of cyberattacks around the world fueled by political unrest and plain old greed.
The report broke down its findings by region:
Europe
Russian-backed APTs are using cyberespionage against Ukraine and several European Union nations, according to the report.
Gamaredon and Sandworm are the most active Russian-sponsored APTs operating against Ukraine. Sandworm has been targeting government, energy, logistics, and grain sectors in Ukraine. Russian-backed APTs account for over a quarter of the attacks (25.7 percent) that Eset researchers observed during their analysis period.
Throughout Europe, APTs primarily target government entities, followed by the transportation, technology, and engineering and manufacturing sectors.
Eset reported that even its own company was targeted by Russian APTs.
“Interestingly, one Russia-aligned threat actor, InedibleOchotense, conducted a spearphishing campaign impersonating ESET. This campaign involved emails and Signal messages delivering a trojanized ESET installer that leads to the download of a legitimate ESET product along with the Kalambur backdoor,” said Jean-Ian Boutin, director of threat research at ESET, in a news release.
China
China-aligned APT groups accounted for the most cyber threat activity, at 39.8 percent. These groups are targeting other countries throughout Asia, Latin America, and the U.S.
Their goal, according to the report, is to serve a host of the Chinese government’s geopolitical priorities.
Some of the tactics these APTs employ include software hijacking, compromising network devices, and deploying custom tools.
The most active APTs in China include FamousSparrow, SinisterEye, and PlushDaemon. FamousSparrow has focused on targeting government entities throughout Latin America. Eset researchers conclude that this activity is related to China’s response to several of the U.S. government’s initiatives in that region.
Iran
Iranian-backed APTs include MuddyWater, BladedFeline, and GalaxyGato (which goes by a host of other aliases).
The researchers describe MuddyWater as “hyperactive,” launching cyberattack campaigns in Nigeria, Armenia, Greece, the U.S., and throughout the Middle East. The group’s tactics involve spearphishing campaigns, malicious remote monitoring tools, and custom backdoors that load into memory.
MuddyWater’s greatest success lies in its spearphishing activity. The reason why: “Using a compromised inbox to walk past the organization’s email perimeter [the APT] is able to bypass a great many detections for lateral movement” within an organization, the report states.
North Korea
North Korean APTs are not only focused on furthering the nation’s geopolitical interests, but they are also heavily engaged in financial schemes, the report found.
Among the most active North Korean-backed APTs are DeceptiveDevelopment, Lazarus, Kimsuky, and Konni, which sets its sights on cryptocurrency, North Korea’s “cash cow,” according to the researchers.
Supply-chain and watering-hole attacks account for some of the activities of these groups.