In August 2025, APT attacks in South Korea primarily utilized spear phishing techniques, with LNK files being the most prevalent method. Two main types of attacks were observed: Type A, which used compressed CAB files containing malicious scripts for information exfiltration and additional malware downloads, and Type B, which executed RAT malware like XenoRAT and RoKRAT using Dropbox API or Google Drive. The attacks targeted various sectors, employing sophisticated social engineering tactics and decoy documents to increase credibility. The malware performed actions such as keylogging, taking screenshots, and executing commands based on the threat actor's instructions. The report highlights the continuous evolution of APT tactics and the importance of vigilance against targeted phishing campaigns.