March 2026 APT Attack Trends Report (Domestic)
Overview ahnLab monitored APT attacks against domestic targets during the month of March 2026. most of the attacks were launched through Spear Phishing emails sent after reconnaissance of specific targets. APT Attack Trends in Korea the majority of distribution vectors were shortcut (.lnk) files, with LNK-based attacks dominating. Type A
March 2026 Threat Trend Report on APT Groups
Purpose and Scope. this report analyzes the strategies, techniques, and impacts of APT groups believed to be state-sponsored. it excludes financial crimes groups from its scope and organizes major threat behaviors by ATIP’s representative names. the activities of 13 APT groups were aggregated based on publicly available data for the
February 2026 APT Attack Trends Report (South Korea)
Overview. ahnLab monitored APT attacks against domestic targets during the month of February 2026 through its infrastructure. this report summarizes the classification, statistics, and features of each type of domestic APT attacks identified during the period. APT Domestic Attack Trends. we found that most of the infiltrations were carried out
February 2026 APT Group Trends Report
Purpose and Scope. this report summarizes major APT group activity in February 2026. the analysis covers supply chain compromises, zero-day exploits, network segregation bypass, and backup and network infrastructure compromises. the major groups included in the report are APT28, Lotus Blossom, TA-RedAnt (APT37), UAT-8616, UNC3886, and UNC6201. Major APT groups
January 2026 Threat Trend Report on APT Attacks (South Korea)
Overview Ahnlabs is monitoring APT (Advanced Persistent Threat) attacks in South Korea by utilizing their own infrastructure. This report covers the classification, statistics, and features of APT attacks in South Korea that were identified in January 2026. Figure 1. Statistics of APT attacks in South Korea in January 2026
January 2026 APT Group Trends Report
Key APT Groups Sandworm attempted to destroy OT and IT equipment using DynoWiper after exploiting a vulnerable configuration of FortiGate, targeting at least 30 energy facilities, including wind and solar power plants in Poland, by the end of December 2025. They directly damaged RTUs, IEDs, and serial devices
December 2025 APT Group Trends
Key APT Group Trends by Region 1) North Korea North Korean state‑sponsored threat groups have increasingly relied on fake IT employment schemes, actively exploiting legitimate hiring platforms and fabricated identities to infiltrate corporate environments. These actors frequently take advantage of remote‑work infrastructures to obtain elevated access and
December 2025 APT Attack Trend Report (South Korea)
Overview AhnLab monitoring APT (Advanced Persistent Threat) attacks in South Korea using its own infrastructure. This report covers the classification and statistics of APT attacks in South Korea that were identified over the course of one month in December 2025. It also provides an overview of the features of each
November 2025 APT Attack Trends Report (South Korea)
Overview AhnLab is monitoring APT (Advanced Persistent Threat) attacks in South Korea using our own infrastructure. This report covers the classification and statistics of APT attacks in South Korea that were identified over the course of one month in November 2025. It also provides an overview of the features
November 2025 APT Group Trends
Trends of Key APT Groups by Region 1) North Korea The attack techniques of threat actors suspected to be based in North Korea are continuously evolving. In the case of malware distribution, threat actors are increasingly using a JSON-based cloud storage service instead of traditional email attachments or
