July 2025 APT Attack Trends Report (South Korea)

Overview: AhnLab has been using AhnLab Smart Defense (ASD) to monitor advanced persistent threat (APT) attacks against targets in Korea. This report will cover the types and statistics of APT attacks in Korea during July 2025 as well as features for each type. Figure 1. July 2025 statistics on

RokRAT Malware Using Malicious Hangul (.HWP) Documents

AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of RokRAT malware using a Hangul Word Processor document (.hwp). RokRAT is typically distributed by including a decoy file and malicious script inside a shortcut (LNK) file. However, ASEC found a case where the malware was distributed through HWP documents instead

June 2025 APT Attack Trends Report (South Korea)

Overview: AhnLab has been using AhnLab Smart Defense (ASD) to monitor advanced persistent threat (APT) attacks against targets in Korea. This report will cover the types and statistics of APT attacks in Korea during June 2025 as well as features for each type. Figure 1. June 2025 statistics

Infostealer Disguised as Copyright Infringement Document Distributed in Korea

AhnLab SEcurity intelligence Center (ASEC) has confirmed that Infostealer malware disguised as a document containing legal responsibilities and copyright infringement facts is continuously being distributed in Korea. It is mainly distributed through links in email attachments, and the email instructs the recipients to download the evidence related to the copyright

Analysis on the Case of TIDRONE Threat Actor’s Attacks on Korean Companies

AhnLab SEcurity intelligence Center (ASEC) has recently identified that the TIDRONE threat actor is launching attacks against companies. In the attack cases, Enterprise Resource Planning (ERP) software was exploited to install a backdoor malware called CLNTEND. TIDRONE is a threat group known for targeting Taiwanese defense companies and drone manufacturers.