
March 2025 APT Group Trends (South Korea)

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

This intelligence report analyzes Advanced Persistent Threat (APT) attacks in South Korea during March 2025. The majority of attacks were classified as spear phishing, with LNK file distribution being the most prevalent method. Two types of LNK-based attacks were identified: Type A, which uses a CAB file with malicious scripts, and Type B, which downloads a CAB file containing a malicious Python script. Both types employ obfuscation techniques and execute multiple stages to perform various malicious activities, including information leakage and additional malware downloads. The attacks often use decoy files to appear legitimate and target specific individuals or groups with carefully crafted emails.

OPENCTI LABELS:

apt, powershell, spear phishing, obfuscation, python, lnk files, south korea, pebbledash, nukesped, task scheduler, cab files

