M-Trends 2025: Data, Insights, and Recommendations From the Frontlines
2025-04-24 • Mandiant
https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/?hl=en
Attachments
m-trends-2025-en.pdf (4 MB)
Google's M-Trends 2025 is a broad incident-response trends report, but its DPRK-relevant sections flag North Korean citizens working as remote IT contractors under false identities to generate revenue for national interests. The report also notes increased targeting of Web3 technologies, including cryptocurrency and blockchain activity used for theft, laundering, and illicit financing, which overlaps with DPRK financial operations tracked elsewhere. Its wider findings place these issues in a threat landscape where stolen credentials became the second most common initial infection vector in Mandiant investigations, financial services were the top targeted industry, and cloud migrations or unsecured data stores created new access opportunities. The main defensive implication for DPRK tracking is stronger remote-worker vetting, insider-risk monitoring, FIDO2 authentication, and cloud logging across privileged systems.