State-sponsored threats: Different objectives, similar access paths

2026-04-14 Cisco Talos

https://blog.talosintelligence.com/state-sponsored-threats-different-objectives-similar-access-paths/

Cisco Talos reports that North Korean cyber operations in 2025 relied heavily on social engineering and insider access for both financial theft and espionage. The North Korea section highlights Contagious Interview activity by Famous Chollima, in which fake recruiters posing as representatives of legitimate companies persuaded targets to execute code or provide credentials. Talos says the resulting access enabled cryptocurrency theft, data exfiltration, and persistence, while separate North Korean activity included a $1.5 billion cryptocurrency heist. The report also notes that thousands of IT workers used stolen identities and AI-generated profiles to obtain roles at Fortune 500 companies, generating revenue for North Korea’s weapons programs. For defenders, the DPRK-relevant lesson is that identity security, hiring-process scrutiny, and visibility into long-lived access paths are central to reducing risk.
