216.73.216.128

June 2025 APT Attack Trends Report (South Korea)

· Published 16/07/2025 16:10 · Modified 16/07/2025 20:15

Export JSON

Essential information

Published
16/07/2025 16:10
Modified
16/07/2025 20:15
Tags
2025-07-16 apt hwp files lnk files rat rokrat south korea spear-phishing xenorat
Related entities
11 techniques (mitre), 2 others

Description

This analysis examines Advanced Persistent Threat () attacks targeting in June 2025. Spear phishing emerged as the primary attack vector, with being the most prevalent method, followed by an increase in HWP file-based attacks. The report details two types of spear phishing attacks: Type A, which uses CAB files containing malicious scripts for information exfiltration and additional malware downloads, and Type B, which deploys malware like and using cloud storage APIs. Both types often include decoy documents to appear legitimate. The attacks targeted various sectors, using carefully crafted emails and malicious attachments to exploit victims.

External references