A report indicates that North Korea's Lazarus hacking group is suspected of conducting at least 31 cyberattacks over the past year. This assessment emerges amid speculation linking the group to a recent breach at South Korean crypto exchange Upbit, resulting in losses of about $30.6 million. AhnLab's analysis ranks Lazarus as the top advanced persistent threat group.
According to a latest report from AhnLab Inc., North Korea's Lazarus group is linked to 31 cyberattack incidents from October 2024 to September 2025. This marks the highest number among advanced persistent threat (APT) groups, with another North Korea-backed group, Kimsuky, recording 27 cases. By country, North Korea led with 86 incidents, followed by China with 27, Russia and India each with 18, and Pakistan with 17.
AhnLab noted that the actual number of attacks may exceed reported figures due to the sophisticated methods employed by APT groups. The report was released shortly after a breach last week that drained around 45 billion won ($30.6 million) in cryptocurrency from South Korean exchange Upbit. Authorities stated that the techniques used in this heist resemble those in a 2019 attack where Lazarus allegedly stole 58 billion won worth of Ethereum from Upbit.
Amid these findings, Lazarus's operations are suspected as a funding mechanism for North Korea, prompting South Korean authorities to bolster cybersecurity measures. The report underscores the ongoing severity of international cyber threats from APT actors.