North Korean state-backed hackers, the Lazarus Group, primarily used spear phishing attacks to steal funds over the past 12 months, with the group receiving the most mentions in post-hack analyses over the past 12 months, according to South Korean cybersecurity firm AhnLab.
Spear phishing is one of the most popular methods of attack by bad actors like Lazarus, using fake emails, “disguised as lecture invites or interview requests,” AhnLab analysts said in the Nov. 26, 2025, Cyber Threat Trends & 2026 Security Outlook report.
The Lazarus Group is the main suspect behind many attacks across many sectors, including crypto, with the hackers suspected to be responsible for the $1.4 billion Bybit hack on Feb. 21 and the more recent $30 million exploit of the South Korean crypto exchange Upbit on Thursday.
How to protect yourself from spear phishing
Spear phishing attacks are a targeted form of phishing where hackers research their intended target to gather information and masquerade as a trusted sender, thereby stealing a victim’s credentials, installing malware, or gaining access to sensitive systems.
Cybersecurity firm Kaspersky recommends the following methods to protect against spear phishing: using a VPN to encrypt all online activity, avoiding the sharing of excessive personal details online, verifying the source of an email or communication through an alternate channel, and, where possible, enabling multifactor or biometric authentication.
‘Multi-layered defense’ needed to combat bad actors
The Lazarus Group has targeted the crypto space, finance, IT and defense, according to AhnLab, and was also the most frequently mentioned group in post-hack analyses between October 2024 and September 2025, with 31 disclosures.
Fellow North Korean-linked hacker outfit Kimsuky was next with 27 disclosures, followed by TA-RedAnt with 17.
AhnLab said a “multi-layered defense system is essential” for companies hoping to curb attacks, such as regular security audits, keeping software up to date with the latest patches and education for staff members on various attack vectors.
Meanwhile, the cybersecurity company recommends individuals adopt multifactor authentication, keep all security software up to date, avoid running unverified URLs and attachments, and only download content from verified official channels.
AI will make bad actors more effective
Going into 2026, AhnLab warned that new technologies, such as artificial intelligence, will only make bad actors more efficient and their attacks more sophisticated.
Attackers are already capable of using AI to create phishing websites and emails that are difficult to distinguish with the naked eye, AhnLab said, but AI can “produce various modified codes to evade detection,” and make spear phishing more efficient through deepfakes.
“With the recent increase in the use of AI models, deepfake attacks, such as those that steal prompt data, are expected to evolve to a level that makes it difficult for victims to identify them. Particular attention will be required to prevent leaks and to secure data to prevent them.”
