NSFOCUS' March 2025 APT briefing includes several DPRK relevant observations within a broader monthly threat roundup. For East Asia, it notes Konni as one of the more active groups and describes APT37 using Korean military magazine themed phishing files, while Lazarus reportedly used a file upload vulnerability to compromise a Korean web server and install follow-on payloads. The key events table also cites Lazarus use of the ClickFix tactic against cryptocurrency industry professionals. The report should be treated as a broad situational roundup, with the DPRK value limited to these Lazarus, APT37 and Konni references rather than the unrelated South Asia, Eastern Europe and South America sections.