Google Threat Intelligence Group counted 75 zero-day vulnerabilities exploited in the wild in 2024 and noted a continued shift toward enterprise-focused products, especially security and networking technologies. Within attributed exploitation, GTIG says North Korean actors exploited five 2024 zero-days, the same number it attributed to PRC backed groups, and characterized the DPRK activity as a mix of espionage and financially motivated operations. The excerpt does not provide individual DPRK case details, so the DPRK-specific takeaway is the attribution count and the overlap between state and financial objectives. The broader defensive implication is that enterprise product exploitation remains a growing target area for capable actors.