A key finding in the report is the exposure of the “Operation Triangulation” campaign, in which the attackers used previously unknown iOS malware.
Hackers are using a variety of attack techniques to target users
Specifically, Kaspersky has discovered a new threat actor belonging to the Elephant group, operating in the Asia-Pacific region, called Mysterious Elephant. In the latest campaign, the group has used new backdoors, capable of executing files and commands on the victim's computer, and receiving files or commands from a malicious server to execute on the infected system.
Additionally, the ScarCruft APT group has developed new infection methods that evade Mark-of-the-Web (MOTW) security mechanisms. The constantly evolving tactics of these threat actors pose new challenges for cybersecurity experts.
APT campaigns remain geographically dispersed, with threat actors focusing their attacks on regions such as Europe, Latin America, the Middle East, and various parts of Asia. Cyber espionage, with its geopolitical context, continues to be a driving factor in these activities.
“While some threat actors use familiar tactics such as social engineering, others have evolved, refreshed their toolkits, and expanded their operations. Furthermore, new actors, such as those behind Operation Triangulation, are constantly emerging. Staying up-to-date with threat intelligence and the right defense tools is crucial for global companies to protect themselves against existing and emerging threats. Our quarterly assessments are designed to highlight the most important developments among APT groups to help them protect themselves and mitigate the risks involved,” commented David Emm, principal security researcher at Kaspersky’s Global Research and Analysis Team (GReAT).
To avoid becoming a victim of a targeted attack, Kaspersky researchers offer the following recommendations.
- To ensure system security, keep your operating system and other third-party software up to date. Maintaining a regular update schedule is essential to stay protected from potential vulnerabilities and security risks.
- Upskill your cybersecurity team on how to tackle the latest targeted threats with Kaspersky's online training program developed by GReAT experts.
- To detect, investigate, and promptly remediate incidents at the endpoint level, deploy EDR solutions such as Kaspersky Endpoint Detection and Response.
- Dedicated services can help combat advanced attacks. Kaspersky Managed Detection and Response services can help identify and block intrusions in the early stages, before the perpetrators achieve their goals.