Cyber Threat Trends

Summary: 2025/04/28 19:58

First reported date: 2016/02/24
Inquiry period : 2025/04/21 19:58 ~ 2025/04/28 19:58 (7 days), 18 search results

전 기간대비 67% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 Lazarus Campaign Malware Report North Korea 입니다.
악성코드 유형 LPEClient RATel Bankshot Volgmer NetWireRC Black Basta Ransomware LockBit Maze 도 새롭게 확인됩니다.
공격자 OilRig APT28 LOTUS PANDA Sandworm 도 새롭게 확인됩니다.
공격기술 hacking Backdoor Exploit Phishing Social Engineering 해킹 도 새롭게 확인됩니다.
기관 및 기업 South Korea Kaspersky United States CISA Government US 한국 Ucraina Japan United Kingdom Microsoft 도 새롭게 확인됩니다.
기타 attack Software Operation Update South 등 신규 키워드도 확인됩니다.

Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature. Commercial reporting has referred to this activity as Lazarus Group and Guardians of Peace. Tools and capabilities used by HIDDEN COBRA actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Variants of malware and tools used by HIDDEN COBRA actors include Destover, Duuzer, and Hangman.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/27 북한 라자루스, 한국 금융·IT·통신 분야 겨냥한 ‘오퍼레이션 싱크홀’ 공격 감행
    ㆍ 2025/04/25 New Lazarus campaign hits South Korea
    ㆍ 2025/04/25 North Korean cyberespionage facilitated by bogus US firms, crackdown underway

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Lazarus	18	▲ 12 (67%)
2	Campaign	12	▲ 10 (83%)
3	Malware	10	▲ 9 (90%)
4	South Korea	8	▲ new
5	Report	7	▲ 6 (86%)
6	North Korea	7	▲ 4 (57%)
7	attack	6	▲ new
8	Software	6	▲ new
9	hacking	6	▲ new
10	Kaspersky	6	▲ new
11	Operation	5	▲ new
12	Update	4	▲ new
13	South	4	▲ new
14	Distribution	4	▲ new
15	Vulnerability	4	▲ new
16	ZeroDay	4	▲ new
17	United States	4	▲ new
18	SyncHole	4	▲ new
19	Cryptocurrency	3	▲ new
20	Korean	3	▲ new
21	APT	3	▲ 1 (33%)
22	PebbleDash	2	▲ new
23	target	2	▲ new
24	Asia	2	▲ new
25	amp	2	▲ new
26	공격	2	▲ new
27	Backdoor	2	▲ new
28	LPEClient	2	▲ new
29	Exploit	2	▲ new
30	CISA	2	▲ new
31	c&c	2	▲ 1 (50%)
32	March	2	▲ new
33	hole	2	▲ new
34	Victim	2	▲ new
35	Phishing	2	▲ new
36	Kimsuky	2	▲ 1 (50%)
37	Supply chain	1	▲ new
38	dprk	1	▼ -2 (-200%)
39	crossex	1	▲ new
40	agamemnon	1	▲ new
41	threatneedle	1	▲ new
42	signbt	1	▲ new
43	Government	1	▲ new
44	NSFOCUS	1	▲ new
45	innorix	1	▲ new
46	Ex	1	▲ new
47	Windows	1	▲ new
48	UNIX	1	▲ new
49	RATel	1	▲ new
50	Bankshot	1	▲ new
51	cti	1	▼ -2 (-200%)
52	레이	1	▲ new
53	싱크홀	1	▲ new
54	Korea	1	▲ new
55	Firms	1	▲ new
56	DeepWeb	1	▲ new
57	Tsunami	1	▲ new
58	evolution	1	▲ new
59	C2	1	- 0 (0%)
60	North	1	▲ new
61	cyberespionage	1	▲ new
62	securityaffairs	1	▲ new
63	bogus	1	▲ new
64	US	1	▲ new
65	한국	1	▲ new
66	toolset	1	▲ new
67	금융	1	▲ new
68	통신	1	▲ new
69	Volgmer	1	▲ new
70	APT41	1	▲ new
71	EDR	1	▲ new
72	OilRig	1	▲ new
73	Cobalt Strike	1	▲ new
74	NetWireRC	1	▲ new
75	North K	1	▲ new
76	Black Basta	1	▲ new
77	VMware	1	▲ new
78	powershell	1	▲ new
79	Ucraina	1	▲ new
80	Ransomware	1	▲ new
81	APT28	1	▲ new
82	Android	1	▲ new
83	Social Engineering	1	▲ new
84	LockBit	1	▲ new
85	Sea Turtle	1	▲ new
86	RedEcho	1	▲ new
87	LOTUS PANDA	1	▲ new
88	Japan	1	▲ new
89	DarkWeb	1	▲ new
90	United Kingdom	1	▲ new
91	Sandworm	1	▲ new
92	Malicious Traffic	1	▲ new
93	Microsoft	1	▲ new
94	IoC	1	▲ new
95	RSA Conference	1	▲ new
96	Maze	1	▲ new
97	lazarusapt	1	▲ new
98	그룹	1	- 0 (0%)
99	Education	1	▲ new
100	해킹	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
LPEClient		2 (20%)
RATel		1 (10%)
Bankshot		1 (10%)
Volgmer		1 (10%)
NetWireRC		1 (10%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
Lazarus		18 (72%)
Kimsuky		2 (8%)
OilRig		1 (4%)
APT28		1 (4%)
LOTUS PANDA		1 (4%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Campaign		12 (40%)
hacking		6 (20%)
APT		3 (10%)
Backdoor		2 (6.7%)
Exploit		2 (6.7%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
South Korea		8 (22.2%)
North Korea		7 (19.4%)
Kaspersky		6 (16.7%)
United States		4 (11.1%)
CISA		2 (5.6%)

Threat info

Last 5

SNS

(Total : 7)

Total keyword

Lazarus Campaign attack Operation APT Malware Update Report South Korea Kaspersky Government c&c C2 Supply chain Spear Phishing hacking Phishing dprk North Korea LPEClient Software Exploit Browser target

No	Title	Date
1	Cyber_OSINT @Cyber_O51NT In March 2025, NSFOCUS reported 19 APT attacks primarily targeting government agencies in South Asia and East Asia, with spear phishing accounting for 79% of incidents, highlighting the ongoing threat from groups like Bitter and Lazarus. #CyberSecurity https://t.co/EcOmYPGKC4	2025.04.27
2	blackorbird @blackorbird The evolution of Lazarus malware & C2 Infrastructure Update https://t.co/30TBuYQsxA https://t.co/AKtTQ1r9Yp	2025.04.25
3	Pierluigi Paganini - Security Affairs @securityaffairs #Operation #SyncHole: #Lazarus #APT targets supply chains in South Korea https://t.co/no9kADXZIW #securityaffairs #hacking #malware @kaspersky @Kaspersky_ru @e_kaspersky	2025.04.25
4	Cyber_OSINT @Cyber_O51NT Cybersecurity experts have reported that the Lazarus group’s “Operation SyncHole” has compromised six South Korean organizations through sophisticated watering hole attacks and software vulnerabilities since November 2024. #CyberSecurity #LazarusAPT https://t.co/9Tz0rfj15Y	2025.04.24
5	lazarusholic @lazarusholic "Lazarus APT updates its toolset in watering hole attacks" published by @Kaspersky. #Innorix, #LPEClient, #Lazarus, #SIGNBT, #SyncHole, #ThreatNeedle, #AGAMEMNON, #CrossEX, #DPRK, #CTI https://t.co/bLRNQvZvWb	2025.04.24

News

(Total : 11)

Total keyword

Lazarus Malware Campaign North Korea South Korea hacking Software Report Vulnerability United States Kaspersky Distribution ZeroDay Attacker Cryptocurrency Victim Operation Update Kimsuky CISA Backdoor Malicious Traffic United Kingdom EDR LPEClient Volgmer Bankshot RATel UNIX Windows target Ucraina c&c Exploit attack US 한국 Microsoft RSA Conference IoC Sandworm Android Social Engineering LockBit powershell VMware Black Basta Sea Turtle RedEcho LOTUS PANDA Japan Ransomware DarkWeb APT41 Phishing APT28 Education OilRig 북한 NetWireRC Cobalt Strike 소프트웨어 라자루스 해킹 Maze

No	Title	Date
1	북한 라자루스, 한국 금융·IT·통신 분야 겨냥한 ‘오퍼레이션 싱크홀’ 공격 감행 - 데일리시큐	2025.04.27
2	North Korean cyberespionage facilitated by bogus US firms, crackdown underway - Malware.News	2025.04.25
3	New Lazarus campaign hits South Korea - Malware.News	2025.04.25
4	Rolling in the Deep(Web): Lazarus Tsunami - HiSolutions / Nicolas Sprenger / malpedia	2025.04.25
5	Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware - The Hacker News	2025.04.24

Additional information

No	Title	Date
1	Top Tier Target \| What It Takes to Defend a Cybersecurity Company from Today’s Adversaries - Malware.News	2025.04.28
2	28th April – Threat Intelligence Report - Malware.News	2025.04.28
3	Navigating Through The Fog - Malware.News	2025.04.28
4	Huawei Set to Test Powerful AI Chip to Rival Nvidia’s, WSJ Says - Bloomberg Technology	2025.04.28
5	Gamers Beware! New Attack Targets Gamers to Deploy AgeoStealer Malware - Malware.News	2025.04.26
View only the last 5

No	Title	Date
1	북한 라자루스, 한국 금융·IT·통신 분야 겨냥한 ‘오퍼레이션 싱크홀’ 공격 감행 - 데일리시큐	2025.04.27
2	Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware - The Hacker News	2025.04.24
3	Operation SyncHole: Lazarus APT goes back to the well - Malware.News	2025.04.24
4	Operation SyncHole: Lazarus APT goes back to the well - Malware.News	2025.04.24
5	[긴급] 북 라자루스 해킹그룹, 이노릭스 제로데이 악용해 한국 타깃 공급망 공격 시도 - 데일리시큐	2025.04.24
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	Winvoke.exe Lazarus Generic Malware PE64 PE File OS Processor Check GIF Format	f4d46629ca15313b94992f3798718df7	12352	2021.06.16

Level	Description
danger	File has been identified by 49 AntiVirus engines on VirusTotal as malicious
watch	Installs itself for autorun at Windows startup
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Creates a shortcut to an executable file
notice	Creates executable files on the filesystem
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	Performs some HTTP requests
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice	Sends data using the HTTP POST Method
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	Checks amount of memory in system
info	Queries for the computername
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

No	Category	URL	CC	ASN Co	Date
1	c2	https://blockchain-newtech.com/download/download.asp			2023.10.10

No	URL	CC	ASN Co	Reporter	Date
1	https://api.camdrivers.cloud/linux.update Lazarus zip	US	NAMECHEAP-NET	NDA0E	2025.03.04
2	https://api.camdrivers.cloud/linux-al2i.sh Lazarus sh ua-curl	US	NAMECHEAP-NET	NDA0E	2025.03.04
3	https://api.drivercamhub.cloud/linux-al2i.sh Lazarus	US	ADVANTAGECOM	lontze7	2025.02.27
4	http://45.43.11.201:1244/pdown APT BeaverTail Lazarus python StrelaStealer	US	Packet Flip, LLC	DaveLikesMalwre	2024.12.12
5	http://147.124.197.138:1244/pdown APT BeaverTail Lazarus python StrelaStealer	US	AC-AS-1	DaveLikesMalwre	2024.12.12
View only the last 5

Beta Service, If you select keyword, you can check detailed information.