Overview   AhnLab utilizes its infrastructure to monitor for Advanced Persistent Threat (APT) attacks in South Korea. This report covers the classification and statistics on APT attacks on South Korea targets identified during the month of February 2026, and introduces the features of each type.  Figure 1. Statistics on APT attacks in Korea in February […]

distribution Methods – SEO Poisoning Typically, people perceive the sites that appear at the top of Google search results as the “most authoritative and official” sites. however, threat actors are playing on the psychology of such users, manipulating the search engine’s algorithms to place malicious sites at the top. SEO poisoning is an attack technique […]

Key APT Groups   Among the activities of APT groups in February 2026, attacks by APT28, Lotus Blossom, TA-RedAnt (APT37), UAT-8616, UNC3886, and UNC6201 were particularly prominent.   Lotus Blossom exploited the Notepad++ supply chain infrastructure to inject malicious executables into legitimate update processes, combining DLL sideloading with multi-stage loaders to deploy the Chrysalis backdoor […]

This report comprehensively covers actual cyber threats and related security issues targeting financial institutions in South Korea and abroad. It includes analysis of malware and phishing cases distributed targeting the financial sector, presents the Top 10 major malware targeting the financial sector, and provides statistics on the industry sectors of South Korean accounts leaked via […]

This report provides statistics, trends, and case information regarding the no. of malware distribution cases, distribution methods, and disguise techniques for Infostealer collected and analyzed during the month of February 2026. Below is a summary of the report’s original content.   1) Data Sources and Collection Methods  AhnLab SEcurity intelligence Center (ASEC) operates various systems […]

This report provides statistics, trends, and case information regarding the distribution volume and attachment threats of phishing emails collected and analyzed during the month of February 2026. The report below contains some statistical data and cases included in the original content. 1) Phishing Email Threat Statistics The most prevalent threat type among phishing email attachments […]

Green Blood 랜섬웨어 그룹은 2026년 1월부터 활동이 확인된 신규 랜섬웨어 그룹으로, Golang 기반의 랜섬웨어 페이로드를 운영하는 것이 특징이다. 이들은 남아시아와 아프리카, 남미 일부 국가를 중심으로 공격을 전개하고 있으며, 다른 랜섬웨어 그룹과 마찬가지로 감염된 시스템의 파일을 암호화하고 피해 기업의 민감 정보를 탈취하는 이중 갈취 방식을 사용한다. 또한 몸값이 지불되지 않을 경우 복호화 키를 영구적으로 파기하겠다는 협박성 […]