The most common attack method used by the North Korean hacking group Lazarus over the past year has been targeted phishing.

According to AhnLab's "2025 Cyber Threat Trends and 2026 Security Outlook" report, Lazarus, a North Korean-backed hacking group, was the most frequently mentioned in the past 12 months. They primarily use spear-phishing attacks, often disguising emails as lecture invitations or interview requests to lure targets into opening their accounts. The report states that Lazarus is considered the primary suspect in several major attacks, including the Bybit hack on February 21st of this year (which resulted in a $1.4 billion loss) and the recent $30 million vulnerability attack on the South Korean exchange Upbit.

AhnLab states that to improve security, enterprises need to establish multi-layered protection systems, including regular security audits, timely patch updates, and enhanced employee training. The company also recommends that individual users use multi-factor authentication, exercise caution when handling unknown links and attachments, avoid excessive exposure of personal information, and only download content from official channels. AhnLab points out that with the increasing prevalence of AI applications, attackers will find it easier to generate indistinguishable phishing emails, spoofed pages, and deepfake content, potentially leading to further complex threats in the future. (Cointelegraph)