Tencent Security 2018 Advanced Persistent Threat (APT) Research Report (original title: 腾讯安全2018年高级持续性威胁(APT)研究报告)
2019-01-02 • Tencent • Tencent Security 2018 Advanced Persistent Threat (APT) Research Report
Tencent Yujian's 2018 APT research report is a broad landscape review, but its DPRK-relevant sections identify Lazarus, Group123/APT37, and SYSCON/KONNI activity. Tencent lists Lazarus among the actors targeting North America, describing it as active against U.S. financial and government targets; it references Tencent's earlier reporting on Lazarus use of the Flash vulnerability `CVE-2018-4878` and states in its zero-day section that Lazarus used `CVE-2018-4878` against South Korean targets after the in-the-wild activity was first disclosed by KR-CERT. The report also lists Group123/APT37 as active in East and Southeast Asia, with 2018 attacks against South Korea, Japan, Vietnam, and other countries. In its technical-trends section, Tencent cites SYSCON/KONNI as an example of APT actors using public or open-source tools, specifically the open-source `babyface` Trojan and a headless TeamViewer remote-control tool; the broader trends it lists include spear-phishing, Office lure documents, fileless execution, C2 hosted on social platforms, and multi-platform attacks.