May 2025 APT Group Trends
Trends of major APT groups by country
1) North Korea
A North Korean APT group has been targeting Ukrainian government agencies. This differs from the group's typical targets, so further observation is required to determine whether this is a one-time attack or a sign of a strategic alliance with Russia. North Korea is also attempting to infiltrate organizations through workers who disguise their identities to get hired in cybersecurity and other industries. During the recruitment process, they use various methods, including AI-assisted resume manipulation and posing as women.1
Konni
In February 2025, the Konni group launched a phishing campaign against Ukrainian government agencies to steal credentials and distribute malware. This activity is considered part of the North Korean regime’s strategic information-gathering operations.
| Case 1. | |
| Period | February 2025 |
| Target | Ukrainian government agencies |
| Initial Access | – Sent a phishing email disguised as a Microsoft security alert using … |