October 2025 APT Group Trends Report
2025-11-12 • AhnLab • October 2025 APT Group Trends Report
AhnLab's October 2025 APT trends report highlights North Korea-linked activity involving cryptocurrency theft, credential collection, reconnaissance, and remote-control operations.

The DPRK-focused sections describe Famous Chollima campaigns against software developers, job seekers, cryptocurrency users, and Web3 targets using trojanized Node.js apps, malicious npm packages, fake interview lures, BeaverTail, OtterCookie, InvisibleFerret, OtterCandy, and malicious VS Code extensions. Reported TTPs include delivery through Bitbucket and npm, initial contact via Fiverr or Discord, ClickFake Interview and ClickFix-style lures, Socket.IO C2, clipboard and browser-wallet theft, keylogging, screenshots, file exfiltration, obfuscation with base64 and XOR, and virtual-environment checks.

The report also covers a Kimsuky-linked Larva-25004 campaign against Korean organizations using VPN quotation-themed ZIP phishing, PDF disguise, COM server registration, RC4 and XOR encryption, HTTP POST C2, and an AhnlabUpdate scheduled task that gives HttpTroy persistence.

Together, these findings show DPRK-linked operations spanning both revenue-focused theft and strategic espionage against developers, crypto ecosystems, Korean organizations, and defense-related sectors.