[DigitalToday reporter Chi-gyu Hwang] Integrated security firm Logpresso said on Wednesday it has published a report titled "2025 Review of North Korea-linked APT Attack Analysis," which analyses North Korea-linked cyberattacks that occurred over the past year.
The report analysed real attack campaigns and technical characteristics based on APT attack cases by four major North Korea-linked groups: Lazarus, Kimsuky, APT37 and Konni. It also covers structural changes in cyber threats targeting public institutions at home and abroad, the financial sector and companies, and the tasks stemming from those changes.
Seung-hoon Han, Logpresso's chief information security officer, who led the analysis of the North Korea-linked APT attacks, said "2025 was a year when cyberattacks became more intelligent and prolonged." He stressed that organisations need to reset their security strategies beyond simply adopting security solutions, and establish systems that can comprehensively analyse and respond to attack behaviour.
The report said the biggest feature of North Korea-linked cyberattacks in 2025 was that they moved away from simple intrusion methods and unfolded around long-term covert reconnaissance and step-by-step execution of attacks. Attackers avoided detection by not executing malware immediately, communicating periodically with C2 servers and downloading attack modules only when needed.
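As an added illustration of the periodic C2 check-in behaviour the report describes, the script below flags host-to-destination pairs whose connection gaps are nearly constant; this is example code written for this page, not Logpresso's own tooling, and the log lines, host names and thresholds are constructed.

```python
# Added example (not from the Logpresso report): flag destinations that a host
# contacts at near-regular intervals, a simple signal for timer-driven C2
# check-ins. The log lines below are constructed for illustration only.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy-style log: "<timestamp> <src_host> <dst>"
SAMPLE_LOG = """\
2025-03-01T09:00:00 ws-17 updates.example-cdn.test
2025-03-01T09:05:01 ws-17 updates.example-cdn.test
2025-03-01T09:09:59 ws-17 updates.example-cdn.test
2025-03-01T09:15:02 ws-17 updates.example-cdn.test
2025-03-01T09:20:00 ws-17 updates.example-cdn.test
2025-03-01T09:00:10 ws-17 intranet.corp.test
2025-03-01T09:00:42 ws-17 intranet.corp.test
2025-03-01T09:11:05 ws-17 intranet.corp.test
2025-03-01T09:12:30 ws-17 intranet.corp.test
2025-03-01T09:40:00 ws-17 intranet.corp.test
"""

def parse_log(text):
    """Return {(host, dst): [datetime, ...]} from the constructed log format."""
    events = defaultdict(list)
    for line in text.splitlines():
        ts, host, dst = line.split()
        events[(host, dst)].append(datetime.fromisoformat(ts))
    return events

def beacon_candidates(text, min_events=4, max_cv=0.1):
    """Flag (host, dst) pairs whose inter-connection gaps are nearly constant.
    cv = stdev/mean of the gaps; a low cv suggests a timer-driven check-in.
    Returns {(host, dst): rounded mean period in seconds}."""
    flagged = {}
    for key, times in parse_log(text).items():
        times.sort()
        if len(times) < min_events:
            continue  # too few connections to judge regularity
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        cv = pstdev(gaps) / mean(gaps)
        if cv <= max_cv:
            flagged[key] = round(mean(gaps))
    return flagged

if __name__ == "__main__":
    for (host, dst), period in beacon_candidates(SAMPLE_LOG).items():
        print(f"{host} -> {dst}: ~{period}s period")
```

Real implants add jitter to their sleep interval, so in practice the cv threshold is tuned per environment and combined with other signals (new destinations, odd user agents, empty responses) rather than used on its own.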
It said attackers continued to use documents and files impersonating defence and North Korea research institutes, the Financial Services Commission and the Financial Supervisory Service, card companies, security agencies and global IT firms to induce users to execute them. The report said the approach was a "trust-based attack" that directly targets security awareness and work processes inside organisations, and warned that such attacks could lead to management risks by leaking companies' critical information.
Bong-yeol Yang, Logpresso's chief executive, said cyberattacks are no longer only an IT department issue, but have become a key risk factor affecting corporate management and the broader national economy. He said attacks targeting the finance, public, energy and advanced technology industries could spread beyond data leaks to service disruptions, lower trust and regulatory risks, and called for pre-emptive responses.