Intel Name: Inside DPRK Operations: New Lazarus and Kimsuky Infrastructure Uncovered Across Global Campaigns
Date of Scan: December 26, 2025
Impact: High
Summary: North Korean state-sponsored threat actors, including Lazarus and Kimsuky, continue to operate at a global scale, conducting espionage, financial crime, and access-driven attacks. While their malware, lures, and objectives evolve, these groups consistently reuse infrastructure such as IP addresses, certificates, open directories, and shared tooling. Pivoting across these infrastructure indicators linked multiple seemingly separate incidents and exposed a broader, interconnected DPRK activity network. This infrastructure-centric analysis highlights persistent operational patterns that make DPRK campaigns trackable despite ongoing changes in tactics and malware.