APT Organization Archives | 2021 Annual Analysis of APT Organization Activity

2022-01-17 NSFOCUS APT Organization Archives|Analysis of APT Organization Activities Situation in 2021

https://web.archive.org/web/20230327080408/http://blog.nsfocus.net/apt-2021-report/


NSFOCUS' 2021 APT yearbook analysis says Asia was a major focus for APT activity, with espionage and sensitive-information theft remaining dominant motives across tracked campaigns. The report highlights attribution uncertainty and notes Lazarus Group as a prominent example of false-flag or imitation risk, citing 70 public reports in 2021 and unusually large associated IOC counts: 12 IPs, 324 domains, 10 emails, 410 links, 1,129 hashes, and 5 vulnerabilities. In NSFOCUS' activity tracking from October 2020 to September 2021, Lazarus Group, APT37, and Kimsuky appeared among the ten most active monitored groups, with activity observed for more than six months. The DPRK-relevant value is the report's macro-level view of how Lazarus, APT37, and Kimsuky appeared in a broader APT intelligence corpus while warning that technical attribution can be distorted by masquerading and false-flag tradecraft.
