NSFOCUS APT Monthly Briefing – May 2025

Regional APT Threat Situation

In May 2025, the global threat hunting system of Fuying Lab discovered a total of 44 APT attack activities. These activities are mainly distributed in South Asia, Eastern Europe, East Asia, West Asia, and Southeast Asia.

In terms of group activity, the most active APT groups this month are SideWinder, APT36, and Bitter from South Asia, while other active groups include Konni and Kimsuky from East Asia, and APT28 from Eastern Europe.

The most popular intrusion method for this month’s events is spear phishing email attacks, accounting for 84% of the total attack incidents. There are also a few attack groups that use vulnerabilities and watering hole attacks for intrusion.

The primary targets of APT groups in May 2025 are government agencies, accounting for 34%, followed by national defense forces which account for 23%. Other attack targets include organizations, individuals, research institutions, financial institutions, and infrastructures.

To read the complete article see: NSFOCUS APT Monthly Briefing – May 2025