February 2026 APT Group Trends Report
Key APT Groups Among the activities of APT groups in February 2026, attacks by APT28, Lotus Blossom, TA-RedAnt (APT37), UAT-8616, UNC3886, and UNC6201 were particularly prominent. Lotus Blossom exploited the Notepad++ supply chain infrastructure to inject malicious executables into legitimate update processes, combining DLL sideloading with multi-stage loaders
January 2026 APT Group Trends Report
Key APT Groups Sandworm attempted to destroy OT and IT equipment using DynoWiper after exploiting a vulnerable configuration of FortiGate, targeting at least 30 energy facilities, including wind and solar power plants in Poland, by the end of December 2025. They directly damaged RTUs, IEDs, and serial devices
December 2025 APT Group Trends
Key APT Group Trends by Region 1) North Korea North Korean state‑sponsored threat groups have increasingly relied on fake IT employment schemes, actively exploiting legitimate hiring platforms and fabricated identities to infiltrate corporate environments. These actors frequently take advantage of remote‑work infrastructures to obtain elevated access and
April 2025 APT Group Trends
Trends of major APT groups by country 1) North Korea Since November 2024, the North Korean APT group has been exploiting the vulnerability of South Korean Internet financial security software. Similar attacks have been carried out in the past, and the threat actors have been launching attacks
Mobile Security & Malware Issue 4st Week of March, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 4st Week of March, 2025”
Threat Trend Report on APT Groups – May 2024 Major Issues on APT Groups
The cases of major APT groups for May 2024 gathered from materials made public by security companies and institutions are as follows. 1. Andariel AhnLab SEcurity intelligence Center (ASEC) has been sharing Andariel group’s various attack cases against Korea.[1] The Nestdoor backdoor that the Andariel group had used
