The most commonly used attack method by the North Korean hacker group Lazarus in the past year is targeted phishing

The report "2025 Cyber Threat Trends and 2026 Security Outlook" released by AhnLab shows that the North Korean-backed hacker group Lazarus has been named the most frequently in the past 12 months, primarily using "spear phishing" to carry out attacks, often disguising themselves as seminar invitations, interview requests, and other emails to lure targets into opening attachments. The report states that Lazarus is considered the main suspect in several major attacks, including the Bybit hacking incident on February 21 this year (resulting in a loss of $1.4 billion) and the recent $30 million vulnerability attack on the South Korean exchange Upbit.

AhnLab indicates that to enhance security, companies need to establish a multi-layered defense system, including regular security audits, timely patch updates, and strengthening employee education. The company also recommends that individual users employ multi-factor authentication, handle unknown links and attachments with caution, avoid excessive exposure of personal information, and only download content from official channels. AhnLab points out that with the widespread use of AI applications, attackers will find it easier to generate indistinguishable phishing emails, spoofed pages, and deepfake content, and related threats may further complicate in the future. (Cointelegraph)