Overview ahnLab monitored APT attacks against domestic targets during the month of March 2026. most of the attacks were launched through Spear Phishing emails sent after reconnaissance of specific targets. APT Attack Trends in Korea the majority of distribution vectors were shortcut (.lnk) files, with LNK-based attacks dominating. Type A is to run PowerShell with […]

Overview AhnLab SEcurity intelligence Center (ASEC) recently identified a change in the Kimsuky group’s method of distributing malicious LNK files. The overall attack flow remains the same as before, with a malicious LNK ultimately executing a Python-based backdoor or downloader. However, a structural change was observed in the intermediate execution phase.   Category Previous Distribution […]

Overview. ahnLab monitored APT attacks against domestic targets during the month of February 2026 through its infrastructure. this report summarizes the classification, statistics, and features of each type of domestic APT attacks identified during the period. APT Domestic Attack Trends. we found that most of the infiltrations were carried out through spear phishing emails. in […]

Overview   Ahnlabs is monitoring APT (Advanced Persistent Threat) attacks in South Korea by utilizing their own infrastructure. This report covers the classification, statistics, and features of APT attacks in South Korea that were identified in January 2026. Figure 1. Statistics of APT attacks in South Korea in January 2026 Most of the APT attacks […]

Overview   AhnLab monitoring APT (Advanced Persistent Threat) attacks in South Korea using its own infrastructure. This report covers the classification and statistics of APT attacks in South Korea that were identified over the course of one month in December 2025. It also provides an overview of the features of each attack type.    Figure 1. […]

AhnLab SEcurity intelligence Center (ASEC) recently discovered that the xRAT (QuasarRAT) malware is being distributed through a webhard disguised as an adult game. In Korea, webhard services are one of the most commonly used platforms for distributing malware.   Typically, threat actors use malware that are easily accessible, such as njRAT and XwormRAT. They disguise […]