Examining Code Reuse Reveals Undiscovered Links Among North Korea’s Malware Families

2018-08-09 McAfee

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/examining-code-reuse-reveals-undiscovered-links-among-north-koreas-malware-families/

McAfee and Intezer analyzed code reuse among malware families and campaigns publicly associated with North Korea, including Lazarus, Silent Chollima, Group 123, Hidden Cobra, DarkSeoul, Blockbuster, Operation Troy, and 10 Days of Rain. According to the report, the researchers used Intezer's code-similarity analysis to map unique code relationships across DPRK-associated malware, excluding common libraries from the similarity graph so that shared library code does not create spurious links between unrelated samples. It frames the activity around two DPRK mission sets: financial operations to raise foreign currency, and nationalist or intelligence campaigns that the report links to Units 180 and 121. It also notes SWIFT-targeting malware that named a Macau bank as the recipient of stolen funds. The value for defenders is the ability to cluster DPRK tooling over time through shared code, infrastructure, and artifacts found inside the binaries, rather than relying only on campaign names.
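The clustering idea described above, reduced to a runnable sketch. This is an added example, not McAfee's or Intezer's code: each sample is represented by a constructed set of "function hashes" (in practice these would be hashes of normalized functions or basic blocks from disassembly), functions that also occur in a constructed common-library corpus are dropped, the remaining overlap is scored with Jaccard similarity, and samples above a threshold are joined into clusters with union-find. The sample names, function names, library list and threshold are all assumptions made for illustration.

```python
"""Toy code-reuse clustering with common-library exclusion (added example).

All sample data here is constructed for illustration; the function "hashes"
are readable labels standing in for real hashes of normalized code.
"""
from itertools import combinations

# Constructed corpus of functions that belong to common libraries (CRT, zlib,
# a TLS library). Any match against these is not evidence of shared authorship.
COMMON_LIBRARY_FUNCS = {"crt_memcpy", "crt_strlen", "zlib_inflate", "ssl_rc4"}

# Constructed per-sample function sets. sample_A/B share custom code,
# sample_C/D share custom code, and everything shares some library code.
SAMPLES = {
    "sample_A": {"crt_memcpy", "crt_strlen", "rc4_custom", "fake_tls_send", "wiper_mbr"},
    "sample_B": {"crt_memcpy", "zlib_inflate", "rc4_custom", "fake_tls_send", "swift_scan"},
    "sample_C": {"crt_memcpy", "crt_strlen", "zlib_inflate", "ssl_rc4", "dropper_x"},
    "sample_D": {"crt_strlen", "dropper_x", "persist_svc"},
}


def unique_functions(funcs, common=COMMON_LIBRARY_FUNCS):
    """Strip functions known to come from common libraries."""
    return set(funcs) - set(common)


def jaccard(a, b):
    """Jaccard similarity of two sets; 0.0 when both are empty."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def similarity_graph(samples, threshold=0.2, common=COMMON_LIBRARY_FUNCS):
    """Return edges (x, y, score, shared_functions) for sample pairs whose
    similarity, computed after library exclusion, reaches the threshold."""
    stripped = {name: unique_functions(f, common) for name, f in samples.items()}
    edges = []
    for x, y in combinations(sorted(stripped), 2):
        shared = stripped[x] & stripped[y]
        score = jaccard(stripped[x], stripped[y])
        if score >= threshold:
            edges.append((x, y, score, sorted(shared)))
    return edges


def clusters(samples, threshold=0.2, common=COMMON_LIBRARY_FUNCS):
    """Group samples into connected components of the similarity graph
    (union-find), returned as a sorted list of sorted name lists."""
    parent = {name: name for name in samples}

    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]  # path halving
            n = parent[n]
        return n

    for x, y, _, _ in similarity_graph(samples, threshold, common):
        parent[find(x)] = find(y)
    groups = {}
    for name in samples:
        groups.setdefault(find(name), set()).add(name)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    for x, y, score, shared in similarity_graph(SAMPLES):
        print(f"{x} <-> {y}: {score:.2f} via {shared}")
    print("with library exclusion:   ", clusters(SAMPLES))
    print("without library exclusion:", clusters(SAMPLES, common=set()))
```

With the library corpus applied, the constructed data splits into two clusters joined by custom code only (`rc4_custom`/`fake_tls_send` and `dropper_x`); passing an empty corpus lets shared CRT and zlib functions link every sample into one group, which is the spurious relationship the exclusion step is meant to prevent.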

Indicators of Compromise

Type     Value          First Seen   Last Seen
DOMAIN   m.mtn.co.kr    2018-08-06   2018-08-09
