The Korean conference talk by a Zscaler APT researcher focuses on why North Korean cyber attribution is difficult and why analysts should not begin with a fixed actor assumption. The speaker warns that IP addresses, VPNs, reused infrastructure, planted false signals, and media focus on attribution can distort CTI analysis if technical evidence is not evaluated first. The excerpt frames DPRK activity as an expanding ecosystem, noting reported growth in cyber-force numbers, the surge of Lazarus activity around 2018, and changes in malware and targeting that can reveal team reorganization or borrowed tradecraft. The talk uses North Korea-linked cases to show how tooling shifts, macOS targeting, and overlap between groups complicate precise cluster boundaries.