The most frequently used attack method by North Korean hacker group Lazarus in the past year was targeted phishing.

ChainCatcher News, According to the "2025 Cyber Threat Trends and 2026 Security Outlook" report released by AhnLab, the North Korea-affiliated hacker group Lazarus was mentioned the most times in the past 12 months. The group mainly carries out attacks using "spear phishing," often disguising emails as lecture invitations, interview requests, and other lures to trick targets into opening attachments. The report states that Lazarus is considered the main suspect in several major attacks, including the exchange hack on February 21 this year (with losses of $1.4 billions) and a recent $30 million vulnerability attack on another exchange.

AhnLab stated that to enhance security, enterprises need to establish multi-layered defense systems, including regular security audits, timely patch updates, and strengthened employee education. The company also recommends that individual users use multi-factor authentication, handle unknown links and attachments with caution, avoid excessive exposure of personal information, and only download content from official channels. AhnLab pointed out that with the widespread adoption of AI applications, attackers will find it easier to generate hard-to-detect phishing emails, fake pages, and deepfake content, making related threats potentially more complex in the future.