ESET APT Activity Report Q2 2025–Q3 2025
2025-11-06 • ESET
https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-2025-q3-2025/
ESET’s Q2–Q3 2025 APT activity report says North Korea-aligned actors targeted the cryptocurrency sector and expanded operations to Uzbekistan, a country ESET had not previously observed in their scope. The DPRK-relevant activity includes campaigns by DeceptiveDevelopment, Lazarus, Kimsuky, and Konni aimed at espionage, advancing Pyongyang’s geopolitical priorities, and generating revenue for the regime. Kimsuky experimented with ClickFix against diplomatic entities, South Korean think tanks, and academia, while Konni used social engineering with an unusual focus on macOS systems. The excerpt places these findings within a broader multi-actor APT landscape, but the core DPRK significance is the mix of crypto targeting, regional expansion, and evolving social-engineering tradecraft.