This report provides the number of affected systems confirmed during November 2025, DLS-based ransomware-related statistics, and notable ransomware issues in Korea and abroad. Below is a summary of some information.   The statistics on the number of ransomware samples and affected systems are based on the diagnostic names assigned by AhnLab. Please note that the […]

This report provides statistics, trends, and case information on Infostealer malware collected and analyzed during the month of November 2025, including distribution volume, distribution channels, and disguising techniques. The following is a summary of the report.   1) Data Source and Collection Method   The AhnLab SEcurity intelligence Center (ASEC) operates various systems to automatically […]

This report comprehensively covers real-world cyber threats and security issues that have occurred in the financial industry in Korea and worldwide. It includes an analysis of malware and phishing cases targeting the financial industry, a list of the top 10 malware strains targeting the industry, and statistics on the sectors of Korean accounts leaked on […]

This report provides statistics, trends, and case information on the distribution volume, attachment threats, and other aspects of phishing emails collected and analyzed for one month in November 2025. The following are some of the statistics and cases included in the original report. 1) Statistics of Phishing Email Threats In November 2025, the most prevalent […]

Overview   AhnLab is monitoring APT (Advanced Persistent Threat) attacks in South Korea using our own infrastructure. This report covers the classification and statistics of APT attacks in South Korea that were identified over the course of one month in November 2025. It also provides an overview of the features of each attack type.   […]

Trends of Key APT Groups by Region   1) North Korea   The attack techniques of threat actors suspected to be based in North Korea are continuously evolving. In the case of malware distribution, threat actors are increasingly using a JSON-based cloud storage service instead of traditional email attachments or simple URLs. This allows them […]

AhnLab SEcurity intelligence Center (ASEC) recently discovered an advanced malware distribution campaign using Node.js while tracking the recently disclosed React2Shell vulnerability. This attack installs EtherRAT through multiple stages, with the ultimate goal of gaining a foothold, stealing information, and stealing cryptocurrency.   After the threat actor accessed the IP address on port 80, they immediately […]