December 2024 Threat Trend Report on APT Attacks (South Korea)
Jan. 9, 2025, 9:39 a.m.
Description
This intelligence report analyzes Advanced Persistent Threat (APT) attacks targeting South Korea in December 2024. The primary attack method was spear phishing, with a focus on distributing LNK files. Two main types of attack were identified: Type A, which uses compressed CAB files containing malicious scripts for information exfiltration and additional malware downloads, and Type B, which executes Remote Access Trojan (RAT) malware such as XenoRAT and RoKRAT. The attacks often use deceptive file names and decoy documents to appear legitimate. The report highlights the sophistication of these attacks, including the use of reconnaissance, email spoofing, and various malicious scripts to bypass security measures and compromise target systems.
Date
Published: Jan. 9, 2025, 8:57 a.m.
Created: Jan. 9, 2025, 8:57 a.m.
Modified: Jan. 9, 2025, 9:39 a.m.
Attack Patterns
XenoRAT
ROKRAT - S0240
T1036.002
T1059.005
T1059.003
T1059.001
T1059.007
T1056.001
T1113
T1204.002
T1105
T1566.001
T1140
T1027
T1078