AhnLab's April 2025 APT trend report summarizes multiple regional threat activities, including North Korean groups exploiting South Korean software ecosystems. It describes Konni spear-phishing campaigns impersonating Korean government agencies and delivering LNK and AutoIT-based malware to North Korean human-rights and NGO-related targets. It also summarizes Lazarus Operation SyncHole, a watering-hole campaign abusing Korean software vulnerabilities such as Innorix Agent and Cross EX to compromise at least six South Korean organizations in software, IT, finance, semiconductor manufacturing, and telecommunications. The report also covers separate China-linked activity, including APT41 infrastructure exposure involving Fortinet exploit scripts, encrypted web shells, and reconnaissance tooling.