WormGPT, which emerged in June 2023, has brought a paradigm shift to the cybercrime ecosystem. Generative AI has lowered the barrier to entry for attacks, and AI-powered hacking tools are rapidly proliferating as both paid subscription services and free open-source releases. Furthermore, AI is evolving beyond the creation of attack tools to the management of […]
AhnLab recently confirmed the distribution of malicious files disguised as security emails from a major credit card company in Korea. This attack has a similar flow to the Kimsuky group’s past malicious LNK distribution case of disguising password files, but it is characterized by a change in the command execution of the initial LNK file. […]
Overview: AhnLab utilized its infrastructure to monitor Advanced Persistent Threat (APT) attacks on targets in Korea. This report summarizes the classification, statistics, and features of each type of APT attack identified in Korea during the month of April 2026. Trends of APT Attacks in South Korea: Most of the APT attacks identified in Korea were […]
Summary: EndPoint is a ransomware variant formerly known as Midnight, which is believed to be built on the Babuk ransomware framework. It targets not only Windows environments, but also ESXi and NAS environments, and uses a double extortion method that combines file encryption with data exfiltration threats. Overview: Since the Babuk source code leak, several […]
Content: This report summarizes the trends of new Infostealers collected during the month of April 2026, including distribution channels, malware distribution, malware quantity, detection quantity, and disguised targets. The data collected is based on ASEC’s Automated Data Collection System, Email Honeypot System, and AhnLab product detection results. Purpose and Scope: The report covers Infostealers Disguised […]
Purpose and Scope: This report covers cyber espionage and covert sabotage activities by Region-led threat groups believed to be supported by the Region. It excludes cybercrime groups that operate for financial gain. Based on publicly available analysis over the past month, we categorized threat actors according to the names of their representatives in the ATIP. […]
Statistics on Malware Distributed to the Financial Sector: Attack Stage 1 Phishing, Attack Stage 2 Backdoor-Downloader-Dropper, and Attack Stage 3 Infostealer-Ransomware were identified as the top malware in the financial sector. The actual distribution files were identified based on MD5 hash, and it was explained that there may be many variants of the same family. […]
Notes: The May 2026 Dark Web Breach Incident Trend Report is organized around the major cases of data breaches posted on the deep web and dark web forums. Due to the nature of the source, some of the information may not be fully verifiable as to whether it is true or not, and is therefore […]
Notes: The May 2026 Dark Web Threat Actor Trend Report summarizes the trends of threat actors and hacktivists operating on the deep web and dark web. Some statements are not factually verifiable. Major Issues: Hacktivist activity targeting the South Korean Region was concentrated. Some hacktivist groups claimed DDoS attacks against the website of the South […]
Notes: The May 2026 Dark Web Issue Trend Report summarizes the major issues that occurred on the deep web and dark web. It states that, due to the nature of the sources, some of the information cannot be fully verified for factual accuracy. Major Issues: Hasan’s BreachForums experienced a moderator split, with HasanBroker being ousted […]
Key takeaway. Since the emergence of WormGPT in June 2023, AI-based hacking tools have spread to the dark web, Telegram, GitHub, and Hugging Face. The market has evolved into a mix of paid subscription SaaS and free open-source distributions. Key capabilities have been segmented into phishing automation, malware development, reconnaissance, brute force, vulnerability exploitation, and […]
© AhnLab, Inc. All rights reserved.