China-aligned APT Groups Target Global Maritime and Tech Sectors Amid Geopolitical Tensions

China-aligned APT Groups Target Global Maritime and Tech Sectors Amid Geopolitical Tensions

First seen 28 May 2026, 13:42 UTC Feeds2.FeedburnerWelivesecurityMarkets.Businessinsiderwww.globenewswire.comInfosecurity-Magazine+3 85% similarity 75.5

Article Content

Browse articles
ThreatCluster

ESET's latest APT Activity Report reveals that from October 2025 to March 2026, China-aligned threat actors engaged in extensive espionage campaigns, particularly in Venezuela and the Gulf region. Following U.S. military operations, groups like FamousSparrow targeted Venezuelan maritime entities to monitor oil shipment resilience. Additionally, UNC5221's SPAWN malware was noted targeting governmental systems in Cambodia and Panama, as well as an AI and robotics firm in South Korea, aligning with China's strategic technology interests. Concurrently, North Korea-aligned groups like Andariel attacked the nuclear power sector, while Iran-aligned activities fluctuated due to internet restrictions amid ongoing conflict. ESET documented new clusters of activity against Israeli targets, indicating a rise in espionage and destructive capabilities. The report emphasizes the evolving nature of state-sponsored cyber threats in response to geopolitical developments.

Key Points: • China-aligned APT groups targeted maritime and tech sectors in response to geopolitical events. • FamousSparrow and UNC5221 were involved in espionage campaigns against Venezuela and South Korea. • Iran-aligned activities decreased due to internet restrictions amid the ongoing war in Iran.

ThreatCluster AI

Timeline

2025-10-01
Monitoring period begins
ESET researchers began tracking APT activities, focusing on geopolitical influences on cyber operations.
ESET Research
2026-02-28
War in Iran begins
The conflict initiated significant changes in cyber activity from Iran-aligned groups due to internet restrictions.
Markets.Businessinsider
2026-03-01
FamousSparrow targets Venezuelan entity
FamousSparrow conducted espionage against a Venezuelan governmental entity related to maritime affairs.
Welivesecurity
2026-03-15
UNC5221 targets South Korean tech
UNC5221's SPAWN malware targeted an AI and robotics company in South Korea, reflecting strategic interests.
Article 2
2026-05-28
ESET APT Activity Report published
ESET released findings on APT activities from late 2025 to early 2026, highlighting geopolitical impacts on cyber threats.
Article 1
2026-05-28
Increased activity against Israel
ESET documented a spike in cyber activity against Israeli targets, including new, unattributed threat clusters.
Article 4

Community

Browse all →