July 2025 APT Attack Trends Report (South Korea)

Overview: AhnLab has been using AhnLab Smart Defense (ASD) to monitor advanced persistent threat (APT) attacks against targets in Korea. This report will cover the types and statistics of APT attacks in Korea during July 2025 as well as features for each type. Figure 1. July 2025 statistics on

June 2025 APT Attack Trends Report (South Korea)

Overview: AhnLab has been using AhnLab Smart Defense (ASD) to monitor advanced persistent threat (APT) attacks against targets in Korea. This report will cover the types and statistics of APT attacks in Korea during June 2025 as well as features for each type. Figure 1. June 2025 statistics

May 2025 APT Group Trends (South Korea)

Overview: AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of APT attacks in Korea that were identified over the course of a month in May 2025. Figure 1. Statistics of APT attacks in

PyBitmessage Backdoor Malware Installed with CoinMiner

The AhnLab SEcurity intelligence Center (ASEC) has recently detected a new type of backdoor malware being distributed alongside the Monero coin miner. This blog post covers malware that utilizes the PyBitmessage library to perform communications on a P2P (Peer to Peer) network and encrypt the communication content between endpoints, instead

April 2025 Threat Trend Report on APT Attacks (South Korea)

Overview: AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and functions of APT attacks detected in South Korea over the course of one month in April 2025. Figure 1. Statistics of APT attacks in South

March 2025 APT Group Trends (South Korea)

Overview: AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of the APT attacks in South Korea that were identified in March 2025, as well as the attack types. Figure 1. Statistics of

ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor

AhnLab SEcurity intelligence Center (ASEC) uncovered that attackers, suspected to be Arabic speakers, have been distributing ViperSoftX malware targeting Korean victims since April 1, 2025. ViperSoftX is typically spread through cracked software or torrents, masquerading as legitimate programs. The main characteristic of ViperSoftX is that it operates as a PowerShell

February 2025 APT Group Trends (South Korea)

Overview: AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of the APT attacks in South Korea that were identified in February 2025, as well as the attack types. Figure 1. Statistics of APT

Infostealer LummaC2 Spreading Through Fake CAPTCHA Verification Page

AhnLab SEcurity intelligence Center (ASEC) previously introduced the DarkGate malware, which spreads using the paste function, in a blog post ("Warning Against Phishing Emails Prompting Execution of Commands via Paste (CTRL+V)"). The distribution method in this case initially involved spreading malware through HTML attachments disguised as MS Word files in

Larva-24009 Threat Actor’s Spear Phishing Attack Case Report

AhnLab SEcurity intelligence Center (ASEC) recently confirmed that the Larva-24009 threat actor is carrying out spear phishing attacks targeting Korean users. The threat actor has been active since around 2023 and has been primarily using spear phishing attacks targeting global users. Yet it has been recently confirmed that there are