State-backed hackers pivot to high-tech firms, raising alarm for Irish industry. Growing cyber espionage risk for companies holding valuable intellectual property in AI, robotics and advanced engineering.
State-backed cyber groups are increasingly directing their attention towards private companies operating at the frontier of advanced technology, according to new research from cybersecurity firm ESET, with implications for Ireland’s innovation-driven economy.
The company’s latest APT Activity Report, covering the period from October 2025 to March 2026, documents a clear shift in targeting patterns.
“What should worry an Irish business owner is not the geography, it is the patience. These groups will spend months inside a network”
Attackers traditionally focused on government and military systems are now prioritising businesses that hold commercially sensitive intellectual property, particularly in areas such as artificial intelligence, robotics and advanced engineering.
ESET Ireland says this trend carries particular relevance for Irish firms operating across AI, medtech, semiconductors and advanced manufacturing, sectors that are deeply embedded in global supply chains and increasingly attractive to hostile actors.
Cyber espionage threat
George Foley, security spokesperson for ESET Ireland, said Irish companies should not dismiss the findings based on geography alone.
“The named victims in this report are in Seoul, Kyiv and Warsaw, so it is easy for an Irish company to read it as someone else’s problem. That is the wrong instinct,” Foley said. “The point is the shift in who is being targeted. These groups used to go after governments and militaries. They are now going after the private companies that hold valuable technology and sit inside global supply chains. Plenty of Irish firms fit that description.”
The report points to several case studies that illustrate the breadth and intent of recent campaigns. Among them is activity linked to a China-aligned group, tracked by ESET as UNC5221, which targeted an artificial intelligence and robotics company in South Korea. ESET suggests the operation aligns with Beijing’s strategic focus on key technologies under its Made in China 2025 policy framework.
In a separate incident, the North Korea-aligned group Andariel targeted a South Korean engineering firm believed to be involved in equipment related to liquid hydrogen handling and nuclear power systems. The attackers deployed malware and attempted to propagate ransomware within the organisation’s network, signalling a combination of espionage and disruptive intent.
For Irish executives, Foley said the greater concern lies not only in being targeted, but in the methods used by such groups.
“What should worry an Irish business owner is not the geography, it is the patience,” he said. “These groups will spend months inside a network, quietly, before they take anything. You cannot defend against an intruder you cannot see. For any company doing genuinely advanced work, the basic questions are whether you would even know if someone was inside your systems, and how long they could stay there before you noticed.”
Beyond the private sector, the report also highlights ongoing threats to energy providers and critical infrastructure. ESET attributes, with medium confidence, a data destruction incident affecting a Polish energy company in December 2025 to the Russia-aligned Sandworm group. The research indicates that Sandworm expanded its use of destructive tools over the winter period, particularly in operations linked to Ukraine.
Russia-aligned actors otherwise remained focused on Ukrainian defence and military-related targets. ESET identifies activity by the group Sednit, which pursued campaigns against military personnel, drone manufacturers and research organisations involved in drone development.
The analysis also underscores how geopolitics continues to shape cyber activity. China-aligned groups were observed monitoring maritime and energy developments in regions such as Venezuela and the Gulf. Elsewhere, a defence company in the United Arab Emirates was reported as compromised, while Arabic-speaking individuals, potentially including journalists, were targeted using Android spyware.
In the Middle East, Iran-aligned activity remained concentrated on Israel, reflecting ongoing regional tensions expressed through cyber operations as well as conventional means.
ESET notes that its findings are derived primarily from its own telemetry, supported by analysis and verification from its research teams. The company argues that the evolving threat landscape requires a reassessment of risk among private sector organisations, particularly those engaged in advanced and strategically important technologies.
For Ireland, where multinational investment and indigenous innovation have positioned the country as a hub for high-value manufacturing and research, the message is direct. As intellectual property becomes an increasingly contested asset, cybersecurity resilience is no longer a technical issue confined to IT departments but a core element of business strategy.
The full report, titled “Conflict-informed espionage: Monitoring oil shipments, targeting drone makers,” is available through ESET’s WeLiveSecurity platform.
-
Bank of Ireland is welcoming new customers every day – funding investments, working capital and expansions across multiple sectors. To learn more, click here
-
For support in challenging times, click here
-
Listen to the ThinkBusiness Podcast for business insights and inspiration. Latest episodes are here. You can also listen to the Podcast on:
-
Spotify
-
SoundCloud
-
Apple
