This threat report analyzes ETSO APT attacks and provides statistics on the number of attacks. The report describes the characteristics of the attacks, including how the attackers penetrate the internal network, move within the network using Pass the Pass and Pass the Hash techniques, exploit certificates, use anti-forensic tactics, and continue the attack even when discovered. The report also discusses the attack techniques used by level, including initial compromise, establishing a foothold, and escalation. The report concludes that the attack techniques used by ETSO have improved over time.