Tracking Threat Actors: How Infrastructure Analysis Reveals Cyber Attack Patterns

2025-03-05 Kudelski Security

https://research.kudelskisecurity.com/2025/03/05/tracking-threat-actors-how-infrastructure-analysis-reveals-cyber-attack-patterns/


Kudelski Security uses infrastructure analysis to show how analysts can cluster adversary networks and revisit those clusters over time. The case study is DPRK-related: it reconstructs infrastructure from leaked PuTTY configuration data attributed to North Korean IT workers. The reconstructed infrastructure is assessed as possibly part of a wider network, with possible links to Kaesong and ZTE references, though the article stresses that its purpose and its exact relationship to North Korea remain uncertain. The report recommends tagging uncertain infrastructure with explicit confidence levels, preserving historical DNS and telemetry pivots rather than discarding them, and updating clusters whenever new overlaps appear. It also uses Lazarus to illustrate how an activity matrix can organize operators, operations, and infrastructure, while warning that vendor naming conventions and attribution boundaries differ across intelligence sources, so a cluster name from one vendor does not map cleanly onto another's.
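
The clustering workflow the summary describes (shared pivots join indicators into clusters, each membership carries an explicit confidence tag, historical pivots are kept, and clusters merge when a later observation creates a new overlap) as an added example in Python. This is not code from the Kudelski report; the pivot weights, the confidence thresholds, and the sample observations (RFC 5737 addresses and .example names) are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Confidence each shared pivot type contributes. These weights are an
# assumption for this example, not values taken from the report.
PIVOT_WEIGHT = {
    "tls_cert_sha1": 3,  # same TLS certificate: strong, rarely coincidental
    "pdns_ip": 2,        # resolved to the same IP at some point (historical DNS)
    "registrant": 2,     # same registrant handle in WHOIS/RDAP history
    "nameserver": 1,     # same NS: weak, shared by many unrelated domains
}
CONFIDENCE_LABELS = [(3, "high"), (2, "medium"), (1, "low")]


@dataclass(frozen=True)
class Observation:
    indicator: str    # domain or IP being tracked
    pivot_type: str   # key of PIVOT_WEIGHT
    pivot_value: str  # the IP, certificate hash or NS hostname
    seen: str         # ISO date the overlap was observed; never discarded


class InfraTracker:
    """Union-find over indicators: any shared pivot joins two indicators."""

    def __init__(self):
        self.history = []                     # every observation, never pruned
        self.parent = {}                      # union-find parent pointers
        self.by_pivot = defaultdict(set)      # (type, value) -> indicators
        self.by_indicator = defaultdict(set)  # indicator -> {(type, value)}

    def _find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def _union(self, a, b):
        ra, rb = self._find(a), self._find(b)
        if ra != rb:
            self.parent[rb] = ra

    def add(self, obs):
        """Record an observation; if it creates a new overlap, merge clusters."""
        self.history.append(obs)
        self.parent.setdefault(obs.indicator, obs.indicator)
        key = (obs.pivot_type, obs.pivot_value)
        for other in self.by_pivot[key]:
            self._union(obs.indicator, other)
        self.by_pivot[key].add(obs.indicator)
        self.by_indicator[obs.indicator].add(key)

    def clusters(self):
        groups = defaultdict(set)
        for ind in self.parent:
            groups[self._find(ind)].add(ind)
        return [frozenset(g) for g in groups.values()]

    def strongest_link(self, indicator):
        """Weight of the strongest pivot this indicator shares with any other."""
        return max((PIVOT_WEIGHT[t] for (t, v) in self.by_indicator[indicator]
                    if len(self.by_pivot[(t, v)]) > 1), default=0)

    def confidence(self, indicator):
        """Explicit confidence tag for an indicator's membership in its cluster."""
        score = self.strongest_link(indicator)
        for threshold, label in CONFIDENCE_LABELS:
            if score >= threshold:
                return label
        return "unlinked"  # in the data set but tied to nothing yet

    def pivots_for(self, indicator):
        """Historical pivots for an indicator, oldest first, for later revisits."""
        return sorted((o for o in self.history if o.indicator == indicator),
                      key=lambda o: o.seen)


def build_sample():
    """Constructed sample observations, not data from the report."""
    t = InfraTracker()
    t.add(Observation("alpha.example", "pdns_ip", "203.0.113.10", "2024-01-05"))
    t.add(Observation("beta.example", "pdns_ip", "203.0.113.10", "2024-02-11"))
    t.add(Observation("gamma.example", "nameserver", "ns1.example.net", "2024-03-01"))
    t.add(Observation("beta.example", "nameserver", "ns1.example.net", "2024-03-20"))
    t.add(Observation("delta.example", "tls_cert_sha1", "d34db33f", "2024-04-02"))
    return t


def report(t):
    """One line per cluster listing each member with its confidence tag."""
    return [", ".join(f"{m}({t.confidence(m)})" for m in sorted(c))
            for c in sorted(t.clusters(), key=min)]


if __name__ == "__main__":
    tracker = build_sample()
    print("initial:", report(tracker))
    # A later passive-DNS hit shows delta resolved to the shared IP: the two
    # clusters now overlap, so they merge and delta's confidence is upgraded.
    tracker.add(Observation("delta.example", "pdns_ip", "203.0.113.10", "2025-01-15"))
    print("after revisit:", report(tracker))
```

Two design points matter here. First, gamma.example joins the cluster only through a shared nameserver, so it is tagged "low" rather than silently treated like the members that share an IP; that tag is what lets a later reader decide whether the link is worth acting on. Second, the observation history is append-only: the 2024 pivots are still there when the 2025 record arrives, which is exactly why the merge can be explained rather than just asserted.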

Indicators of Compromise

Type    Value                               First Seen   Last Seen
URL     https://gopivot.ing/map/            2025-03-05   2025-03-05
URL     https://gopivot.ing/                2025-03-05   2025-03-05
DOMAIN  hopers.ru                           2025-03-05   2025-03-05
DOMAIN  gopivot.ing                         2025-03-05   2025-03-05
IPv4    206.71.148.78                       2025-03-05   2025-03-05
URL     https://cyb3rops.medium.com/the…    2024-10-08   2025-03-05
DOMAIN  cyb3rops.medium.com                 2024-10-08   2025-03-05

Note: this list mixes reference links cited by the report (gopivot.ing and cyb3rops.medium.com are analyst resources, not adversary infrastructure) with the infrastructure the article discusses. Treat each entry as a pivot to verify against your own telemetry, not as a ready-made blocklist.
