Global Advanced Persistent Threat (APT) 2023 Midyear Report
2023-07-12 • Qianxin • Global Advanced Persistent Threat (APT) 2023 Midyear Report
Attachments
全球高级持续性威胁APT2023年中报告.pdf (15 MB)
Qianxin's 2023 midyear APT report says its telemetry saw Lazarus among the foreign APT groups communicating with suspected compromised IP addresses in China during the first half of 2023. The report attributes about 6% of those suspected compromised domestic IP addresses to Lazarus and notes that Lazarus, Bitter, Manlinghua, Rattlesnake, and other groups used dispersed C2 infrastructure and changed C2 servers frequently. It also says Kimsuky appeared in 8.8% of the public APT reports Qianxin collected and Group123 in 7.4%, putting DPRK-linked actors among the most frequently mentioned groups in that dataset. The DPRK relevance is one measured part of a broader global APT survey, not a standalone Lazarus case study.