June 2025 APT Attack Trends Report (South Korea)

Description

This analysis examines Advanced Persistent Threat (APT) attacks targeting South Korea in June 2025. Spear phishing emerged as the primary attack vector, with LNK files being the most prevalent method, followed by an increase in HWP file-based attacks. The report details two types of spear phishing attacks: Type A, which uses CAB files containing malicious scripts for information exfiltration and additional malware downloads, and Type B, which deploys RAT malware like XenoRAT and RoKRAT using cloud storage APIs. Both types often include decoy documents to appear legitimate. The attacks targeted various sectors, using carefully crafted emails and malicious attachments to exploit victims.