July 2025 APT Attack Trends Report (South Korea)

Description

The report analyzes Advanced Persistent Threat (APT) attacks in South Korea during July 2025. Spear phishing was the primary attack method, with LNK files being the most common vector. Two types of LNK-based attacks were identified: Type A, which uses compressed CAB files containing malicious scripts, and Type B, which executes RAT malware like XenoRAT and RoKRAT. The attacks targeted various sectors, including finance and blockchain, using sophisticated techniques such as email spoofing and exploiting product vulnerabilities. The report provides detailed information on file names, MD5 hashes, URLs, and IP addresses associated with these attacks, highlighting the ongoing threat to South Korean organizations.