May 2026 Threat Trend Report on APT Attacks (South Korea)

May 2026 Threat Trend Report on APT Attacks (South Korea)

Overview AhnLab monitored APT (Advanced Persistent Threat) attacks—covert, sustained targeted attacks—using its own infrastructure. This report summarizes the types and statistics on domestic APT attacks identified during the month of May 2026 and discusses the characteristics of each type as well as AhnLab Response Overview. Trends of APT Attacks in

Security Issues in the Korean & Global Financial Sector in May 2026

Security Issues in the Korean & Global Financial Sector in May 2026

Statistics on Malware Distributed to the Financial Sector In Attack Stage 1 targeting the financial sector in May 2026, phishing had the highest score at 2.3. This is the highest figure since December 2025, indicating that Initial Breach attempts are increasingly centered on phishing. In Attack Stage 2, Dropper/Downloader had

Ransom & Dark Web Issues Week 4, May 2026

Ransom & Dark Web Issues Week 4, May 2026

ASEC Blog publishes Ransom & Dark Web Issues Week 4, May 2026           Customer Data of Japanese Educational Franchise Sold on BreachForums by Hasan Data from Japanese Government Agency for National Civil Servant Personnel Administration Sold on BreachForums by Hasan FBI Issues Warning Regarding Fraudulent FIFA

April 2026 Threat Trend Report on APT Attacks (South Korea)

April 2026 Threat Trend Report on APT Attacks (South Korea)

Overview ahnLab utilized its infrastructure to monitor Advanced Persistent Threat (APT) attacks on targets in Korea. this report summarizes the classification, statistics, and features of each type of APT attacks identified in Korea during the month of April 2026. Trends of APT Attacks in South Korea most of the APT

April 2026 Phishing Email Trends Report

April 2026 Phishing Email Trends Report

Statistics on Attachment Threat Types in April 2026, the most common threat in phishing email attachments was Trojan (47%). this type was distributed by disguising itself with a double extension or a legitimate file name to trick the user into executing it and installing malware on the system. they continued

Dark Web Threat Actor Trend Report, April 2026

Dark Web Threat Actor Trend Report, April 2026

Notes the April 2026 Dark Web Threat Actor Trend Report summarizes trends in hacktivists and threat actors operating on the deep web and dark web. due to the nature of the sources, some of the information is difficult to fully verify as factual. Major Issues NoName05716 claimed repeated DDoS attacks

March 2026 Phishing Email Trends Report

March 2026 Phishing Email Trends Report

Statistics on Attachment Threats Types. trojans accounted for the largest share of attachment-based threats in March 2026 at 21%. phishing (FakePage) came in at 15%, with a significant month-over-month decrease in share from 42% to 15%, but a slight decrease in volume. downloaders were identified at 9% and droppers at

March 2026 APT Attack Trends Report (Domestic)

March 2026 APT Attack Trends Report (Domestic)

Overview ahnLab monitored APT attacks against domestic targets during the month of March 2026. most of the attacks were launched through Spear Phishing emails sent after reconnaissance of specific targets. APT Attack Trends in Korea the majority of distribution vectors were shortcut (.lnk) files, with LNK-based attacks dominating. Type A

March 2026 Security Issues in the Korean & Global Financial Sector

March 2026 Security Issues in the Korean & Global Financial Sector

Content. a number of malware samples including phishing, web shell, droppers, backdoor malware, downloaders, Infostealer, and CoinMiner targeting the financial sector have been distributed. we observed a number of cases where Korean disguised attachment names and HTML/JS execution methods were utilized to propagate phishing. account compromise campaigns through the Telegram

LOLBins – Analysis of MSBuild-Based Attack Techniques

LOLBins – Analysis of MSBuild-Based Attack Techniques

Overview In recent years, cyber threat actors have consistently attempted to exploit living off the land binaries (LOLBins) built into systems to bypass detection by security products. Such attack methods effectively evade traditional signature-based detection by not distributing a separate malicious file, but instead relying on tools trusted by the