THALES_THREAT_HANDBOOK_2022.pdf (17 MB)

Thales' 2022 Cyber Threat Handbook profiles North Korea's cyber apparatus as a Bureau 121-centered ecosystem rather than a single monolithic Lazarus actor. The DPRK section links Lazarus to espionage and destabilization operations, cites the Sony Pictures attack and WannaCry attribution, and breaks out subgroups including APT38/Bluenoroff for financially motivated operations. It describes APT38's evolution from SWIFT-focused bank theft to cryptocurrency and ransomware-related activity, with examples including Bangladesh Bank, TPBank, Bancomext, Banco de Chile, Far Eastern International Bank, WannaCry, Dream Job, TraderTraitor, and Operation In(ter)ception. The handbook also notes DPRK cyber operations against South Korea, critical infrastructure, finance, media, manufacturing, healthcare, energy, and government targets, framing them as a tool for sanctions evasion, intelligence collection, and regime objectives.