ESET Research


2263 articles

Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

ESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout 2024

Zoltán Rusnák02 Jul 2025


ESET Threat Report H1 2025

ESET Threat Report H1 2025

ESET Threat Report H1 2025

A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Jiří Kropáč26 Jun 2025


BladedFeline: Whispering in the dark

BladedFeline: Whispering in the dark

BladedFeline: Whispering in the dark

ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig

ESET Research05 Jun 2025


Danabot: Analyzing a fallen empire

Danabot: Analyzing a fallen empire

Danabot: Analyzing a fallen empire

ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation

Tomáš Procházka22 May 2025


ESET takes part in global operation to disrupt Lumma Stealer

ESET takes part in global operation to disrupt Lumma Stealer

ESET takes part in global operation to disrupt Lumma Stealer

Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation

Jakub Tomanek21 May 2025


ESET APT Activity Report Q4 2024–Q1 2025

ESET APT Activity Report Q4 2024–Q1 2025

ESET APT Activity Report Q4 2024–Q1 2025

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025

Jean-Ian Boutin19 May 2025


Operation RoundPress

Operation RoundPress

Operation RoundPress

ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities

Matthieu Faou15 May 2025


TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks

TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks

TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks

ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks

Facundo Muñoz30 Apr 2025


Shifting the sands of RansomHub’s EDRKillShifter

Shifting the sands of RansomHub’s EDRKillShifter

Shifting the sands of RansomHub’s EDRKillShifter

ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play

Jakub Souček and Jan Holman26 Mar 2025