October 2025 APT Group Trends

Trends of Key APT Groups by Region

1) North Korea

North Korea-affiliated cyber threat groups have stolen cryptocurrency and credentials, and performed reconnaissance and remote control attacks through various malware and operations. They used Node.js-based malware and a multi-stage infection chain to target both Windows and macOS environments. Through their

September 2025 APT Attack Trends Report (South Korea)

Overview

AhnLab is monitoring APT (Advanced Persistent Threat) attacks in South Korea by utilizing its own infrastructure. This report covers the classification, statistics, and features of APT attacks in South Korea that were identified in September 2025.

Figure 1. Statistics of APT attacks in September 2025

In Korea, most

Case of Larva-25004 Group (Related to Kimsuky) Exploiting Additional Certificate – Malware Signed with Nexaweb Certificate

AhnLab SEcurity intelligence Center (ASEC) has discovered malware signed with the certificate of Nexaweb Inc. by investigating a file with the same characteristics as the one signed with a Korean company’s certificate. Other security companies have reported these malware samples in connection with the activities of the Kimsuky group.