logo

May 2026 Threat Trend Report on APT Attacks (South Korea)

ID: e51562b2-aca4-59e6-9c5b-01557db6049b

STIX ID: report--e51562b2-aca4-59e6-9c5b-01557db6049b

Feed Name: ASEC

Threat Score
80/100

Date Published: 2026-06-24

Date Updated: 2026-07-02

Author: ATCP

...
...

AhnLab monitored a series of domestic APT campaigns in South Korea (May 2026) that primarily used spear‑phishing (notably malicious LNK, CHM, and JSE artifacts) to deliver loaders, Python and AutoIt backdoors, XenoRAT-type malware, and infostealers; attackers used PowerShell, certutil, Task Scheduler persistence, DLL side‑loading, and legitimate tools (curl, regsvr32) to download, execute, and maintain access. The report categorizes activity into multiple types (A–H), lists MD5 hashes, C2 URLs and FQDNs, and recommends verifying senders, avoiding unknown attachments, patching systems and browsers, and keeping V3 updated.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.