
In November 2024, South Korea faced a surge in Advanced Persistent Threats (APTs), with spear phishing being the most prevalent attack vector. This report by AhnLab highlights key trends and tactics used by cybercriminals.


Key Findings

  1. Spear Phishing Dominance
    • Spear phishing accounted for the majority of attacks. These highly targeted campaigns utilized reconnaissance to craft convincing phishing emails, often employing spoofed sender addresses.
    • Malicious Attachments: LNK files embedded with PowerShell commands were the primary payload.
  2. Techniques and Targets
    • Type A Attacks: LNK files compressed in CAB archives carried malicious scripts. On execution, these scripts exfiltrated data and downloaded additional malware.
      • Example Decoy Files:
        • BitKorea_Agreement.docx.lnk
        • Value-added tax processing regulations.hwp.lnk
    • Type B Attacks: These involved RAT (Remote Access Trojan) malware such as XenoRAT and RoKRAT. Delivered via cloud platforms like Dropbox, the malware enabled actions like keylogging and screenshot capture.
      • Example Decoy Files:
        • Drone Special Free Zones Plan.lnk
        • Changes in policy to support North Korean defectors.lnk
  3. Indicators of Compromise (IOCs)
    • Malicious URLs and IP addresses linked to the attacks include:
      • http[:]//118[.]193[.]69[.]53/
      • http[:]//154[.]90[.]62[.]248/
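
The delivery pattern in findings 1 and 2 (LNK attachments with a document-style double extension, sometimes packed in CAB archives, carrying PowerShell commands) can be screened for at a mail gateway. The Python below is an added example, not code from the AhnLab report; the function names, the `DECOY_EXTS` list and the constructed sample bytes are assumptions made for illustration.

```python
# Shell Link header per MS-SHLLINK: HeaderSize 0x4C, then the LinkCLSID.
LNK_HEADER = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
CAB_MAGIC = b"MSCF"  # Microsoft Cabinet signature
# Document extensions used as the fake "inner" extension (assumed list; extend as needed).
DECOY_EXTS = {"doc", "docx", "hwp", "hwpx", "pdf", "xls", "xlsx", "ppt", "pptx"}
INTERPRETERS = ("powershell", "pwsh")  # Windows PowerShell and PowerShell 7 executables


def is_lnk(data: bytes) -> bool:
    """True when the content is a Shell Link, whatever the file is called."""
    return data[:20] == LNK_HEADER


def decoy_extension(name: str):
    """Return the document extension hidden before a final .lnk, else None."""
    parts = name.lower().rstrip(". ").split(".")
    if len(parts) >= 3 and parts[-1] == "lnk" and parts[-2] in DECOY_EXTS:
        return parts[-2]
    return None


def interpreters_in(data: bytes):
    """Interpreter names found as ANSI or UTF-16LE strings inside the file."""
    lowered = data.lower()  # bytes.lower() folds ASCII letters only
    return [i for i in INTERPRETERS
            if i.encode("ascii") in lowered or i.encode("utf-16-le") in lowered]


def triage(name: str, data: bytes):
    """Return a list of reasons to quarantine the attachment (empty = none found)."""
    reasons = []
    if data[:4] == CAB_MAGIC:
        reasons.append("CAB archive: unpack and triage each member")
    if is_lnk(data):
        reasons.append("Shell Link content")
        if not name.lower().endswith(".lnk"):
            reasons.append("Shell Link content under a non-.lnk name")
        hits = interpreters_in(data)
        if hits:
            reasons.append("invokes " + ", ".join(hits))
    ext = decoy_extension(name)
    if ext:
        reasons.append(f"double extension: .{ext} decoy before .lnk")
    return reasons


def make_constructed_lnk(command: str) -> bytes:
    """Constructed test input: valid header bytes, zero padding, one UTF-16LE string."""
    return LNK_HEADER + bytes(56) + command.encode("utf-16-le")
```

Checking the header bytes as well as the name catches a shortcut that has been renamed, and Explorer hides the `.lnk` extension, so the recipient sees only the decoy document name.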

Recommendations

  • Educate employees about spear phishing risks.
  • Deploy advanced email filtering systems.
  • Regularly monitor and update endpoint security solutions.
  • Leverage threat intelligence platforms like AhnLab TIP for proactive defense.

Conclusion
APTs continue to evolve, with attackers exploiting both technical vulnerabilities and human psychology. Staying informed and adopting a layered security approach is vital to combating these threats.

Stay vigilant.


For more details, visit ASEC Threat Report.
