Statistics on Attachment Threats Types. trojans accounted for the largest share of attachment-based threats in March 2026 at 21%. phishing (FakePage) came in at 15%, with a significant month-over-month decrease in share from 42% to 15%, but a slight decrease in volume. downloaders were identified at 9% and droppers at 7%. trojans continue to circulate […]

Content. a number of malware samples including phishing, web shell, droppers, backdoor malware, downloaders, Infostealer, and CoinMiner targeting the financial sector have been distributed. we observed a number of cases where Korean disguised attachment names and HTML/JS execution methods were utilized to propagate phishing. account compromise campaigns through the Telegram API were confirmed, with approximately […]

Purpose and Scope. this report summarizes the number of ransomware samples, number of affected systems, DLS-based statistics, and major Korean & Global ransomware issues identified during the month of March 2026. Key statistics. ransomware sample counts and victimized systems statistics were aggregated by detection name assigned by AhnLab. statistics on targeted businesses were calculated based […]

Description. analysis of ASEC’s ASD logs for Q1 2026 showed a consistent trend of attacks against MS-SQL and MySQL. the number of attacks tended to decrease temporarily in February before increasing again in March. Purpose and Scope. this report summarizes the statistics of attacks targeting MS-SQL and MySQL servers installed on Windows and the malware […]

Description. AhnLab SEcurity intelligence Center (ASEC) analyzed the attack status and malware statistics of Windows web servers in the first quarter of 2026 based on AhnLab Smart Defense (ASD) logs. the analysis covers Internet Information Services (IIS) and Apache Tomcat web servers in Windows environments. command execution through the web shell is the main path […]

Overview. ASEC analyzed the statistics of attacks against Linux SSH servers in Q1 2026 based on honeypot logs. The P2PInfect worm dominated, accounting for 70.3% of all attack sources, and DDoS bots such as Mirai, XMRig, Prometei, and CoinMiner were identified as the main threats. Purpose and Scope. the purpose of this report is to […]

Description. this report analyzes Infostealer distribution trends and cases collected during the month of March 2026. It is based on data collected through ASEC’s automated collection and analysis system and ATIP’s real-time IOC service. Purpose and Scope. the purpose of the analysis is to identify trends in the volume, distribution methods, and disguising techniques. the […]

overview The cyber attack landscape in Q1 2026 was characterized by a step change from traditional mass-automated threats, with accelerated penetration rates driven by the use of AI, identity-centric attacks, exploitation of supply chain and SaaS linkages, and a combination of social engineering and vulnerability exploitation. threat actors are no longer relying on a single […]

Overview In recent years, cyber threat actors have consistently attempted to exploit living off the land binaries (LOLBins) built into systems to bypass detection by security products. Such attack methods effectively evade traditional signature-based detection by not distributing a separate malicious file, but instead relying on tools trusted by the operating system.Among them, MSBuild.exe is […]

Vulnerability Trends Summary for Q1 2026. Overview. q1 2026 saw a number of high-risk vulnerabilities reported with either public disclosures or confirmed exploits. an increase in remote code execution and authentication bypass family vulnerabilities was observed. Early publication of PoCs accelerated threat propagation. the potential for chain attacks through the perimeter and middle layers expanded. […]

Purpose and Scope. this report summarizes major APT group activity in February 2026. the analysis covers supply chain compromises, zero-day exploits, network segregation bypass, and backup and network infrastructure compromises. the major groups included in the report are APT28, Lotus Blossom, TA-RedAnt (APT37), UAT-8616, UNC3886, and UNC6201. Major APT groups by region. Lotus Blossom exploited […]

This report provides statistics, trends, and case information regarding the no. of malware distribution cases, distribution methods, and disguise techniques for Infostealer collected and analyzed during the month of February 2026. Below is a summary of the report’s original content.   1) Data Sources and Collection Methods  AhnLab SEcurity intelligence Center (ASEC) operates various systems […]

This report comprehensively covers actual cyber threats and related security issues targeting financial institutions in South Korea and abroad. It includes analysis of malware and phishing cases distributed targeting the financial sector, presents the Top 10 major malware targeting the financial sector, and provides statistics on the industry sectors of South Korean accounts leaked via […]

Statistics on Attachment Threats Types in February 2026, the highest percentage of phishing email attachment threats is FakePage (42%). threat actors sophisticatedly mimic login pages and advertisement pages with HTML and other scripts to trick users into entering data and sending it to a C2 server or to a fake site. another popular method is […]

This report provides statistics, trends, and case information regarding the distribution quantity, distribution methods, and obfuscation techniques of Infostealer malware collected and analyzed during the month of January 2026. Below is a summary of the original report content.   1) Data Sources and Collection Methods  AhnLab Security Intelligence Center (ASEC) operates various systems that can […]

This report comprehensively addresses actual cyber threats and related security issues that have occurred in domestic and international financial sector companies. It includes an analysis of malware and phishing cases disseminated targeting the financial sector, presents the top 10 major malware aimed at the financial sector, and provides statistics on industries of domestic accounts leaked […]

  Key APT Groups   Sandworm attempted to destroy OT and IT equipment using DynoWiper after exploiting a vulnerable configuration of FortiGate, targeting at least 30 energy facilities, including wind and solar power plants in Poland, by the end of December 2025. They directly damaged RTUs, IEDs, and serial devices or manipulated settings to cause […]

This report provides the number of affected systems confirmed during January 2026, DLS-based ransomware-related statistics, and notable ransomware issues in Korea and abroad. Below is a summary of some information.   The statistics on the number of ransomware samples and affected systems were based on the diagnostic names assigned by AhnLab, and the statistics on ransomware-affected […]

This report comprehensively covers real-world cyber threats and security issues that have occurred in the financial industry in Korea and worldwide. It includes an analysis of malware and phishing cases targeting the financial industry, a list of the top 10 malware strains targeting the industry, and statistics on the sectors of Korean accounts leaked on […]

This report provides statistics, trends, and case information on Infostealer malware collected and analyzed during the month of December 2025, including distribution volume, distribution channels, and disguising techniques. The following is a summary of the report.   1) Data Source and Collection Method  The AhnLab SEcurity intelligence Center (ASEC) operates various systems to automatically collect […]