January 2026 Threat Trend Report on APT Attacks (South Korea)
ID: 4f172eab-56ff-52ad-ad80-39b45e37e00e
STIX ID: report--4f172eab-56ff-52ad-ad80-39b45e37e00e
Feed Name: ASEC
AhnLab observed APT campaigns targeting South Korea in January 2026 that primarily used spear-phishing LNK and HTA payloads to deploy AutoIt-based malware, infostealers, and backdoors. The report includes confirmed malicious filenames, MD5 hashes, and C2 URLs/IPs, and notes persistence via scheduled tasks and the use of curl (including a copied curl.exe) for payload retrieval.
