Looking Back on the Last Decade of Linux APT Attacks

2020-09-16 Intezer

https://www.intezer.com/blog/cloud-security/looking-back-on-the-last-decade-of-linux-apt-attacks/

Intezer surveys the rise of Linux-targeting APT campaigns and identifies North Korea, alongside China, Russia, and the United States, as one of the major nation-state origins of documented Linux espionage tooling from the prior decade. The source does not detail a specific Lazarus or DPRK intrusion chain, but it places North Korean activity within a broader trend of APTs porting Windows tooling to Linux or building cross-platform malware as Linux adoption grows across servers, cloud, and IoT. The report's defensive takeaway is that Linux systems require dedicated visibility and runtime protection because offensive Linux capabilities are becoming more common and sophisticated across nation-state actors.
