South Korean police accused a data-recovery company of colluding with suspected Lazarus operators under North Korea’s Reconnaissance General Bureau to profit from ransomware victims. Investigators said the company collected about 3.4 billion won from 778 victims between October 2018 and September 2022 by advertising recovery services for ransomware it allegedly knew in advance how to handle. The source says police obtained Telegram and email evidence showing prior coordination with the hackers, including manuals for recovery and instructions that victims should pay Bitcoin to attacker wallets. Some wallets reportedly matched addresses identified in a joint US-ROK cybersecurity advisory as North Korean hacker infrastructure, with at least 4.7 million won confirmed as transferred to those wallets while broader laundering flows remained under investigation.