November 2025 APT Attack Trends Report (South Korea)

Overview: AhnLab is monitoring APT (Advanced Persistent Threat) attacks in South Korea using its own infrastructure. This report covers the classification and statistics of APT attacks in South Korea that were identified over the course of one month in November 2025. It also provides an overview of the features

October 2025 APT Attack Trends Report (South Korea)

Overview: AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of APT attacks in South Korea that were identified in October 2025. Figure 1. Statistics of APT attacks in South Korea in October 2025

June 2025 APT Attack Trends Report (South Korea)

Overview: AhnLab has been using AhnLab Smart Defense (ASD) to monitor advanced persistent threat (APT) attacks against targets in Korea. This report will cover the types and statistics of APT attacks in Korea during June 2025 as well as features for each type. Figure 1. June 2025 statistics

May 2025 APT Group Trends (South Korea)

Overview: AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of APT attacks in Korea that were identified over the course of a month in May 2025. Figure 1. Statistics of APT attacks in

April 2025 Threat Trend Report on APT Attacks (South Korea)

Overview: AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and functions of APT attacks detected in South Korea over the course of one month in April 2025. Figure 1. Statistics of APT attacks in South

March 2025 APT Group Trends (South Korea)

Overview: AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of the APT attacks in South Korea that were identified in March 2025, as well as the attack types. Figure 1. Statistics of

February 2025 APT Group Trends (South Korea)

Overview: AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of the APT attacks in South Korea that were identified in February 2025, as well as the attack types. Figure 1. Statistics of APT

Kimsuky Group’s New Backdoor (HappyDoor)

Table of Contents: Overview; Distribution Method and Changes; Distribution Method; Changes of HappyDoor; Detailed Analysis; Summary; Characteristics; Registry Data; Packet Data; Packet Structure and Server Operation Method; Features; Information Theft; Backdoor; Conclusion.

This report is a summarized version of “Analysis Report of Kimsuky Group’s HappyDoor Malware” introduced in AhnLab Threat

Kimsuky Group’s Spear Phishing Detected by AhnLab EDR (AppleSeed, AlphaSeed)

The Kimsuky threat group, deemed to be supported by North Korea, has been active since 2013. At first, they attacked North Korea-related research institutes in South Korea before attacking a South Korean energy corporation in 2014, and have expanded their attacks to other countries since 2017 [1]. The group has mainly

Kimsuky Group Uses ADS to Conceal Malware

AhnLab Security Emergency response Center (ASEC) has discovered that the Kimsuky group is using Alternate Data Streams (ADS) to hide their malware. This malware is an Infostealer that collects data by starting the VBScript included inside an HTML file. It can be characterized by its tendency to add the actual