Cyber Threat Trends

Summary: 2025/04/28 20:04

First reported date: 2016/02/24
Inquiry period : 2025/03/29 20:04 ~ 2025/04/28 20:04 (1 months), 47 search results

전 기간대비 30% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 Lazarus North Korea Campaign Malware Report 입니다.
악성코드 유형 LPEClient Black Basta LockBit 도 새롭게 확인됩니다.
공격자 라자루스 LOTUS PANDA Sandworm 도 새롭게 확인됩니다.
공격기술 ClickFix Social Engineering 도 새롭게 확인됩니다.
기관 및 기업 United Kingdom 한국 CISA 도 새롭게 확인됩니다.
기타 amp South Contagious ClickFake SyncHole 등 신규 키워드도 확인됩니다.

Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature. Commercial reporting has referred to this activity as Lazarus Group and Guardians of Peace. Tools and capabilities used by HIDDEN COBRA actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Variants of malware and tools used by HIDDEN COBRA actors include Destover, Duuzer, and Hangman.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/27 북한 라자루스, 한국 금융·IT·통신 분야 겨냥한 ‘오퍼레이션 싱크홀’ 공격 감행
    ㆍ 2025/04/25 New Lazarus campaign hits South Korea
    ㆍ 2025/04/25 North Korean cyberespionage facilitated by bogus US firms, crackdown underway

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Lazarus	47	▲ 14 (30%)
2	North Korea	26	▲ 7 (27%)
3	Campaign	22	▲ 13 (59%)
4	Malware	18	▲ 3 (17%)
5	Report	14	▲ 6 (43%)
6	hacking	12	▲ 8 (67%)
7	South Korea	11	▲ 9 (82%)
8	ClickFix	10	▲ new
9	Cryptocurrency	9	▼ -2 (-22%)
10	Software	9	▲ 7 (78%)
11	cti	8	▲ 2 (25%)
12	dprk	8	▲ 2 (25%)
13	attack	7	▼ -3 (-43%)
14	APT	7	▲ 6 (86%)
15	Korean	7	▲ 6 (86%)
16	Kaspersky	6	▲ 3 (50%)
17	Windows	6	- 0 (0%)
18	Backdoor	6	▲ 5 (83%)
19	Vulnerability	6	- 0 (0%)
20	Distribution	6	▲ 2 (33%)
21	North	6	▲ 2 (33%)
22	Update	6	- 0 (0%)
23	United States	6	▲ 1 (17%)
24	amp	5	▲ new
25	Operation	5	▲ 1 (20%)
26	공격	5	▲ 4 (80%)
27	South	4	▲ new
28	Contagious	4	▲ new
29	c&c	4	▼ -1 (-25%)
30	ClickFake	4	▲ new
31	SyncHole	4	▲ new
32	북한	4	▲ 3 (75%)
33	ZeroDay	4	▲ 3 (75%)
34	Phishing	4	▼ -1 (-25%)
35	Kimsuky	3	▲ 1 (33%)
36	Victim	3	▼ -1 (-33%)
37	Malicious	3	▲ 1 (33%)
38	npm	3	▲ 2 (67%)
39	Social Engineering	3	▲ new
40	United Kingdom	3	▲ new
41	Education	3	▲ new
42	해커	3	▲ new
43	Exploit	3	▼ -3 (-100%)
44	target	3	▲ 1 (33%)
45	Interview	3	▲ 2 (67%)
46	March	3	▲ new
47	라자루스	2	▲ new
48	PebbleDash	2	▲ new
49	hole	2	▲ new
50	NetWireRC	2	- 0 (0%)
51	recent	2	▲ 1 (50%)
52	AhnLab	2	- 0 (0%)
53	한국	2	▲ new
54	GitHub	2	▼ -1 (-50%)
55	Asia	2	▲ new
56	C2	2	▲ 1 (50%)
57	From	2	▲ new
58	그룹	2	- 0 (0%)
59	golangghost	2	▲ new
60	contagiousinterview	2	▲ new
61	intelligence	2	- 0 (0%)
62	Twitter	2	▲ 1 (50%)
63	CISA	2	▲ new
64	LPEClient	2	▲ new
65	Group	2	▼ -1 (-50%)
66	MacOS	2	▲ new
67	IoC	2	▼ -1 (-50%)
68	Expands	2	▲ new
69	있다	2	▲ new
70	trend	2	▲ 1 (50%)
71	Ransomware	2	▼ -2 (-100%)
72	SECUI	1	- 0 (0%)
73	AhnLabSecuInfo	1	▲ new
74	Ucraina	1	- 0 (0%)
75	보고서	1	▲ new
76	동향	1	▲ new
77	Japan	1	▼ -1 (-100%)
78	Sea Turtle	1	▲ new
79	LOTUS PANDA	1	▲ new
80	httpstcoZ	1	▲ new
81	Android	1	- 0 (0%)
82	Sandworm	1	▲ new
83	자금	1	▲ new
84	Cobalt Strike	1	- 0 (0%)
85	APT41	1	- 0 (0%)
86	North K	1	▲ new
87	Black Basta	1	▲ new
88	추적	1	▲ new
89	APT28	1	▲ new
90	바이	1	▲ new
91	비트	1	▲ new
92	RedEcho	1	▲ new
93	OilRig	1	▲ new
94	VMware	1	▲ new
95	powershell	1	▼ -1 (-100%)
96	LockBit	1	▲ new
97	lazarusapt	1	▲ new
98	DarkWeb	1	- 0 (0%)
99	cyberespionage	1	▲ new
100	toolset	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
NetWireRC		2 (12.5%)
LPEClient		2 (12.5%)
Ransomware		2 (12.5%)
Black Basta		1 (6.3%)
LockBit		1 (6.3%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
Lazarus		47 (82.5%)
Kimsuky		3 (5.3%)
라자루스		2 (3.5%)
LOTUS PANDA		1 (1.8%)
Sandworm		1 (1.8%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Campaign		22 (31.4%)
hacking		12 (17.1%)
ClickFix		10 (14.3%)
APT		7 (10%)
Backdoor		6 (8.6%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
North Korea		26 (33.3%)
South Korea		11 (14.1%)
dprk		8 (10.3%)
Kaspersky		6 (7.7%)
United States		6 (7.7%)

Threat info

Last 5

SNS

(Total : 26)

Total keyword

Lazarus North Korea Campaign dprk APT ClickFix attack Malware Report Operation Update Exploit target Kaspersky South Korea C2 c&c AhnLab SECUI 보고서 Konni Kimsuky GitHub Spear Phishing Government Supply chain hacking LPEClient Software Browser apt38 AppleJeus Password TraderTraitor northkorea IOCs Attacker ...

No	Title	Date
1	Cyber_OSINT @Cyber_O51NT In March 2025, NSFOCUS reported 19 APT attacks primarily targeting government agencies in South Asia and East Asia, with spear phishing accounting for 79% of incidents, highlighting the ongoing threat from groups like Bitter and Lazarus. #CyberSecurity https://t.co/EcOmYPGKC4	2025.04.27
2	blackorbird @blackorbird The evolution of Lazarus malware & C2 Infrastructure Update https://t.co/30TBuYQsxA https://t.co/AKtTQ1r9Yp	2025.04.25
3	Pierluigi Paganini - Security Affairs @securityaffairs #Operation #SyncHole: #Lazarus #APT targets supply chains in South Korea https://t.co/no9kADXZIW #securityaffairs #hacking #malware @kaspersky @Kaspersky_ru @e_kaspersky	2025.04.25
4	Cyber_OSINT @Cyber_O51NT Cybersecurity experts have reported that the Lazarus group’s “Operation SyncHole” has compromised six South Korean organizations through sophisticated watering hole attacks and software vulnerabilities since November 2024. #CyberSecurity #LazarusAPT https://t.co/9Tz0rfj15Y	2025.04.24
5	lazarusholic @lazarusholic "Lazarus APT updates its toolset in watering hole attacks" published by @Kaspersky. #Innorix, #LPEClient, #Lazarus, #SIGNBT, #SyncHole, #ThreatNeedle, #AGAMEMNON, #CrossEX, #DPRK, #CTI https://t.co/bLRNQvZvWb	2025.04.24

News

(Total : 21)

Total keyword

Lazarus North Korea Malware Campaign hacking Report Cryptocurrency South Korea Software United States Distribution Vulnerability Windows Backdoor Attacker 북한 ClickFix ZeroDay Kaspersky Social Engineering Update United Kingdom Victim Phishing Education intelligence 한국 CISA Ransomware Operation Kimsuky 라자루스 NetWireRC c&c Twitter Black Basta DarkWeb US Japan VMware powershell Ucraina Android LockBit Sea Turtle RedEcho LOTUS PANDA LPEClient target RATel Volgmer Malicious Traffic Sandworm IoC RSA Conference Maze Bankshot UNIX attack 해킹 소프트웨어 Exploit EDR Microsoft WannaCry APT41 AhnLab 악성코드 Downloader iCloud RAT Java GitHub BLINDINGCAN schtasks China ...

No	Title	Date
1	북한 라자루스, 한국 금융·IT·통신 분야 겨냥한 ‘오퍼레이션 싱크홀’ 공격 감행 - 데일리시큐	2025.04.27
2	North Korean cyberespionage facilitated by bogus US firms, crackdown underway - Malware.News	2025.04.25
3	New Lazarus campaign hits South Korea - Malware.News	2025.04.25
4	Rolling in the Deep(Web): Lazarus Tsunami - HiSolutions / Nicolas Sprenger / malpedia	2025.04.25
5	Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware - The Hacker News	2025.04.24

Additional information

No	Title	Date
1	Top Tier Target \| What It Takes to Defend a Cybersecurity Company from Today’s Adversaries - Malware.News	2025.04.28
2	28th April – Threat Intelligence Report - Malware.News	2025.04.28
3	Navigating Through The Fog - Malware.News	2025.04.28
4	Huawei Set to Test Powerful AI Chip to Rival Nvidia’s, WSJ Says - Bloomberg Technology	2025.04.28
5	Gamers Beware! New Attack Targets Gamers to Deploy AgeoStealer Malware - Malware.News	2025.04.26
View only the last 5

No	Title	Date
1	북한 라자루스, 한국 금융·IT·통신 분야 겨냥한 ‘오퍼레이션 싱크홀’ 공격 감행 - 데일리시큐	2025.04.27
2	Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware - The Hacker News	2025.04.24
3	Operation SyncHole: Lazarus APT goes back to the well - Malware.News	2025.04.24
4	Operation SyncHole: Lazarus APT goes back to the well - Malware.News	2025.04.24
5	[긴급] 북 라자루스 해킹그룹, 이노릭스 제로데이 악용해 한국 타깃 공급망 공격 시도 - 데일리시큐	2025.04.24
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	Winvoke.exe Lazarus Generic Malware PE64 PE File OS Processor Check GIF Format	f4d46629ca15313b94992f3798718df7	12352	2021.06.16

Level	Description
danger	File has been identified by 49 AntiVirus engines on VirusTotal as malicious
watch	Installs itself for autorun at Windows startup
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Creates a shortcut to an executable file
notice	Creates executable files on the filesystem
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	Performs some HTTP requests
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice	Sends data using the HTTP POST Method
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	Checks amount of memory in system
info	Queries for the computername
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

No	Category	URL	CC	ASN Co	Date
1	c2	https://blockchain-newtech.com/download/download.asp			2023.10.10

No	URL	CC	ASN Co	Reporter	Date
1	https://api.camdrivers.cloud/linux.update Lazarus zip	US	NAMECHEAP-NET	NDA0E	2025.03.04
2	https://api.camdrivers.cloud/linux-al2i.sh Lazarus sh ua-curl	US	NAMECHEAP-NET	NDA0E	2025.03.04
3	https://api.drivercamhub.cloud/linux-al2i.sh Lazarus	US	ADVANTAGECOM	lontze7	2025.02.27
4	http://45.43.11.201:1244/pdown APT BeaverTail Lazarus python StrelaStealer	US	Packet Flip, LLC	DaveLikesMalwre	2024.12.12
5	http://147.124.197.138:1244/pdown APT BeaverTail Lazarus python StrelaStealer	US	AC-AS-1	DaveLikesMalwre	2024.12.12
View only the last 5

Beta Service, If you select keyword, you can check detailed information.