PolySwarm 2022 Recap - Threat Actor Activity Highlights: North Korea
2022-12-21 • PolySwarm
https://blog.polyswarm.io/polyswarm-2022-recap-threat-actor-activity-highlights-north-korea
PolySwarm’s 2022 recap catalogs North Korea-nexus threat activity across Lazarus Group, BlueNoroff, Reaper/APT37, Andariel, Kimsuky, Gwisin, and H0ly Gh0st. Lazarus activity included TraderTraitor and AppleJeus cryptocurrency lures, fake job-offer campaigns, BadgerDAO and Ronin-linked thefts, Log4Shell exploitation against energy-sector targets, and signed macOS malware masquerading as Coinbase job material. The report also highlights BlueNoroff targeting cryptocurrency and DeFi companies, Reaper campaigns using GOLDBACKDOOR and Dolphin, Andariel’s Maui ransomware activity against healthcare, and Kimsuky operations using GoldDragon, BabyShark, Android malware, AppleSeed, and 38 North impersonation. The value of the recap is its actor-by-actor view of DPRK-linked espionage, financial theft, ransomware, and malware tradecraft observed during 2022.