March 2026 APT Attack Trends Report (Domestic)

AhnLab monitored and reported multiple targeted APT campaigns in March 2026 that used spear-phishing and LNK/HTA/JSE vectors to deliver multi-stage payloads (AutoIt droppers, memory-loaded DLL backdoors, XenoRAT family RATs, and infostealers). The report enumerates five distribution TTP types, includes MD5 hashes and malicious URLs/C2 domains, and notes ongoing detection and tracking of related samples, warning of potential system takeover and information exfiltration.