April 2025 Threat Trend Report on APT Attacks (South Korea)
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
This analysis covers APT attacks detected in South Korea during April 2025. Spear phishing was the primary distribution method. Two main types of spear phishing were observed: Type A, which uses LNK files to distribute compressed malicious scripts that leak information and download additional malware, and Type B, which executes RAT malware such as XenoRAT and RoKRAT using the Dropbox API or Google Drive. The attacks often employ decoy documents and target specific individuals or groups with crafted emails. Various file names were used to disguise the malicious content, often mimicking official documents or applications. The report highlights the sophisticated nature of these APT attacks and their potential impact on South Korean targets.
OPENCTI LABELS :
apt,rat,spear-phishing,lnk files,rokrat,xenorat,south korea,google drive,dropbox api