In November 2024, South Korea faced a surge in Advanced Persistent Threats (APTs), with spear phishing being the most prevalent attack vector. This report by AhnLab highlights key trends and tactics used by cybercriminals.
Key Findings
- Spear Phishing Dominance
  - Spear phishing accounted for the majority of attacks. These highly targeted campaigns utilized reconnaissance to craft convincing phishing emails, often employing spoofed sender addresses.
  - Malicious Attachments: LNK files embedded with PowerShell commands were the primary payload.
- Techniques and Targets
  - Type A Attacks: LNK files compressed in CAB archives carried malicious scripts. On execution, these scripts exfiltrated data and downloaded additional malware.
    - Example Decoy Files:
      - BitKorea_Agreement.docx.lnk
      - Value-added tax processing regulations.hwp.lnk
  - Type B Attacks: These involved RAT (Remote Access Trojan) malware such as XenoRAT and RoKRAT. Delivered via cloud platforms like Dropbox, the malware enabled actions like keylogging and screenshot capturing.
    - Example Decoy Files:
      - Drone Special Free Zones Plan.lnk
      - Changes in policy to support North Korean defectors.lnk
- Indicators of Compromise (IOCs)
  - Malicious URLs and IP addresses linked to the attacks include:
    - http[:]//118[.]193[.]69[.]53/
    - http[:]//154[.]90[.]62[.]248/
Recommendations
- Educate employees about spear phishing risks.
- Deploy advanced email filtering systems.
- Regularly monitor and update endpoint security solutions.
- Leverage threat intelligence platforms like AhnLab TIP for proactive defense.
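The two LNK traits described under Key Findings (document-style decoy names and PowerShell commands embedded in the shortcut) can be checked during attachment triage. The following is an added example, not code from the AhnLab report: it parses the Shell Link (MS-SHLLINK) header and StringData to read the command-line arguments. The function names, the extension and script-host lists, and the cp949 fallback codec are assumptions, and the sample LNK bytes are constructed.

```python
import re
import struct

# CLSID every Shell Link header carries (MS-SHLLINK, ShellLinkHeader.LinkCLSID).
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits used below (MS-SHLLINK section 2.1.1).
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FLAGS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                (0x20, "arguments"), (0x40, "icon")]
# Document extension followed by .lnk, as in the decoy names listed above (assumed list).
DECOY_NAME = re.compile(r"\.(docx?|hwpx?|pdf|xlsx?|pptx?)\.lnk$", re.I)
# Script hosts worth flagging in shortcut arguments (assumed list).
SCRIPT_HOST = re.compile(r"powershell|pwsh|cmd(\.exe)?\s*/c|mshta|wscript|cscript", re.I)

def parse_lnk_strings(data: bytes) -> dict:
    """Return the StringData fields of a Shell Link; raise ValueError if not an LNK."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                    # fixed ShellLinkHeader size
    if flags & HAS_IDLIST:      # IDListSize (2 bytes) followed by the list itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:    # LinkInfoSize counts its own 4 bytes
        pos += struct.unpack_from("<I", data, pos)[0]
    # Non-Unicode strings use the system code page; cp949 (Korean) is assumed here.
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp949")
    fields = {}
    for bit, key in STRING_FLAGS:   # fields appear in this fixed order
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]  # length in characters
            fields[key] = data[pos + 2 : pos + 2 + count * width].decode(codec, errors="replace")
            pos += 2 + count * width
    return fields

def triage(filename: str, data: bytes) -> list:
    """Flag decoy-style names and script-host commands in the shortcut arguments."""
    findings = ["decoy-double-extension"] if DECOY_NAME.search(filename) else []
    try:
        args = parse_lnk_strings(data).get("arguments", "")
    except (ValueError, struct.error):
        return findings + ["malformed-or-not-lnk"]
    if SCRIPT_HOST.search(args):
        findings.append("script-host-in-arguments")
    return findings

def build_sample_lnk(arguments: str) -> bytes:
    """Constructed test input: header plus a Unicode COMMAND_LINE_ARGUMENTS field only."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, 0x20 | IS_UNICODE) + bytes(76 - 24)
    return header + struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
```

Because the attachments arrive inside CAB archives, a check like this is applied to the extracted members rather than to the archive file itself.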
Conclusion
APTs continue to evolve, with attackers exploiting both technical vulnerabilities and human psychology. Staying informed and adopting a layered security approach is vital to combating these threats.
Stay vigilant.
For more details, visit ASEC Threat Report.