December 2024 Threat Trend Report on APT Attacks (South Korea)
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
This intelligence report analyzes Advanced Persistent Threat (APT) attacks targeting South Korea in December 2024. The primary method of attack was spear phishing, with a focus on distributing LNK files. Two main types of attacks were identified: Type A, which uses compressed CAB files containing malicious scripts for information exfiltration and additional malware downloads, and Type B, which executes Remote Access Trojan (RAT) malware like XenoRAT and RoKRAT. The attacks often use deceptive file names and decoy documents to appear legitimate. The report highlights the sophisticated nature of these attacks, including the use of reconnaissance, email spoofing, and various malicious scripts to bypass security measures and compromise target systems.
OPENCTI LABELS :
apt,rat,spear-phishing,lnk files,rokrat,xenorat,south korea,decoy documents
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
December 2024 Threat Trend Report on APT Attacks (South Korea)