North Korea’s state-backed hacking group Lazarus is suspected to have carried out at least 31 cyberattacks over the past year, according to a new report released Sunday by security firm AhnLab Inc.

The group topped the list of advanced persistent threat (APT) actors from October 2024 to September 2025. Another North Korean group, Kimsuky, followed closely with 27 recorded incidents.

AhnLab revealed that North Korea was behind 86 hacking cases, making it the most active cyber-threat source. China ranked second with 27 incidents, while Russia and India each recorded 18. Pakistan followed with 17 cases. Security analysts added that the actual number of attacks may be even higher, as APT groups are known for sophisticated methods designed to evade detection.

The report comes as suspicion grows that Lazarus was responsible for the recent 45 billion won (US$30.6 million) cryptocurrency theft from Upbit, South Korea’s largest crypto exchange. Investigators say the techniques used in the latest breach closely resemble those from a 2019 Lazarus-led attack, in which the group allegedly stole 58 billion won worth of Ethereum from the same platform.

Government and industry officials confirmed that authorities plan to conduct an on-site investigation at Upbit. Operator Dunamu said it verified the unauthorized transfer of 44.5 billion won in Solana-linked assets to an unknown wallet and pledged to compensate the full amount using its own reserves. Authorities say the similarities between the two incidents strengthen the belief that Lazarus is once again behind the heist.

