December 2025 APT Attack Trend Report (South Korea)
Overview AhnLab monitoring APT (Advanced Persistent Threat) attacks in South Korea using its own infrastructure. This report covers the classification and statistics of APT attacks in South Korea that were identified over the course of one month in December 2025. It also provides an overview of the features of each
November 2025 APT Attack Trends Report (South Korea)
Overview AhnLab is monitoring APT (Advanced Persistent Threat) attacks in South Korea using our own infrastructure. This report covers the classification and statistics of APT attacks in South Korea that were identified over the course of one month in November 2025. It also provides an overview of the features
November 2025 APT Group Trends
Trends of Key APT Groups by Region 1) North Korea The attack techniques of threat actors suspected to be based in North Korea are continuously evolving. In the case of malware distribution, threat actors are increasingly using a JSON-based cloud storage service instead of traditional email attachments or
Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287)
1. Overview AhnLab SEcurity intelligence Center (ASEC) has identified an attack where the remote code execution vulnerability in Microsoft Windows Server Update Services (WSUS), tracked as CVE-2025-59287, was exploited to distribute the ShadowPad malware. ShadowPad is a backdoor malware used by numerous Chinese APT groups. First discovered in 2017, its
October 2025 APT Attack Trends Report (South Korea)
Overview AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea by utilizing their own infrastructure. This report covers the classification, statistics, and features of APT attacks in South Korea that were identified in October 2025. Figure 1. Statistics of APT attacks in South Korea in October 2025
October 2025 APT Group Trends
Trends of Key APT Groups by Region 1) North Korea North Korea-affiliated cyber threat groups have stolen cryptocurrency, credentials, and performed reconnaissance and remote control attacks through various malware and operations. They used Node.js-based malware and a multi-stage infection chain to target both Windows and macOS environments. Through their
September 2025 APT Group Trends
Trends of Key APT Groups by Region 1) North Korea North Korea-linked APT groups have been intensively carrying out advanced spear-phishing and remote access attacks against the defense, military, and cryptocurrency sectors in South Korea. They have also introduced a new psychological deception technique using generative AI and
September 2025 APT Attack Trends Report (South Korea)
Overview Ahnlabs is monitoring APT (Advanced Persistent Threat) attacks in South Korea by utilizing their own infrastructure. This report covers the classification, statistics, and features of APT attacks in South Korea that were identified in September 2025. Figure 1. Statistics of APT attacks in September 2025 In Korea, most
Larva-25010 – Analysis on the APT Down Threat Actor’s PC
This report covers the seven posts on the breach analysis of APT Down, which were published in “Threat Notes” of AhnLab TIP after the release of the “APT Down: the North Korea Files” report, along with additional analysis. Post on Aug 12, 2025, “APT DOWN – Analysis of Korean
August 2025 Threat Trend Report on APT Attacks (South Korea)
Overview AhnLab has been using AhnLab Smart Defense (ASD) to monitor advanced persistent threat (APT) attacks against targets in Korea. This report covers the categorization and statistics of APT attacks in South Korea during August 2025 as well as functions for each type. Figure 1. August 2025 statistics on APT
