June 2025 APT Attack Trends Report (South Korea)
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
This analysis examines Advanced Persistent Threat (APT) attacks targeting South Korea in June 2025. Spear phishing emerged as the primary attack vector, with LNK files being the most prevalent method, followed by an increase in HWP file-based attacks. The report details two types of spear phishing attacks: Type A, which uses CAB files containing malicious scripts for information exfiltration and additional malware downloads, and Type B, which deploys RAT malware like XenoRAT and RoKRAT using cloud storage APIs. Both types often include decoy documents to appear legitimate. The attacks targeted various sectors, using carefully crafted emails and malicious attachments to exploit victims.
OPENCTI LABELS :
apt,rat,spear phishing,lnk files,rokrat,xenorat,south korea,hwp files
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
June 2025 APT Attack Trends Report (South Korea)