An exploratory analysis of the DPRK cyber threat landscape using publicly available reports
2025-01-20 • lazarusholic
https://link.springer.com/article/10.1007/s10207-025-00980-x
The Springer study analyzes DPRK cyber activity by mining more than 2,000 public reports from 2009 through May 2024. It clusters vendor naming conventions into 160 actor code names, maps those names into seven widely recognized DPRK threat groups, and extracts 154 notable incidents with motivation and target-sector context. The paper frames DPRK operators as global espionage and financially motivated actors whose activity extends beyond South Korea into ransomware, cryptocurrency theft, and other operations. Its dataset is intended to help researchers reconcile aliases, incidents, and public CTI reporting on North Korean state-sponsored activity.