March 2025 APT Group Trends (South Korea)

April 10, 2025, 8:13 p.m.

Description

This intelligence report analyzes Advanced Persistent Threat (APT) attacks in South Korea during March 2025. The majority of attacks were classified as spear phishing, with LNK file distribution being the most prevalent method. Two types of LNK-based attacks were identified: Type A, which uses a CAB file with malicious scripts, and Type B, which downloads a CAB file containing a malicious Python script. Both types employ obfuscation techniques and execute multiple stages to perform various malicious activities, including information leakage and additional malware downloads. The attacks often use decoy files to appear legitimate and target specific individuals or groups with carefully crafted emails.

Date

  • Created: April 10, 2025, 6:50 p.m.
  • Published: April 10, 2025, 6:50 p.m.
  • Modified: April 10, 2025, 8:13 p.m.

Attack Patterns