2025年度全球APT威胁研究报告.pdf (10 MB)

The 2025 global APT review describes a broader rise in state-sponsored cyber activity across government, defense, technology, finance, education, and research targets. Its DPRK-relevant sections cite APT-C-26, identified as Lazarus, in fake interview operations and open-source repository supply-chain attacks using GitHub and NPM. The report also says Lazarus and APT-C-47 used large language models for deepfakes, fake interviews, and meeting invitations, increasing the precision and interactivity of social engineering. These details matter for DPRK tracking because they place Lazarus activity within two major 2025 trends: abuse of open-source trust mechanisms and AI-enabled lure development.