The most common attack method used by the North Korean hacking group Lazarus over the past year has been targeted phishing.

According to ChainCatcher, AhnLab's "2025 Cyber Threat Trends and 2026 Security Outlook" report indicates that the North Korean-backed hacking group Lazarus was the most frequently mentioned in the past 12 months. They primarily use spear-phishing attacks, often disguising emails as lecture invitations or interview requests to lure targets into opening downloads. The report states that Lazarus is considered the primary suspect in several major attacks, including the Bybit hack on February 21st of this year (resulting in a $1.4 billion loss) and the recent $30 million vulnerability attack on the South Korean exchange Upbit.

AhnLab states that to improve security, enterprises need to establish multi-layered protection systems, including regular security audits, timely patch updates, and enhanced employee training. The company also recommends that individual users use multi-factor authentication, exercise caution when handling unknown links and attachments, avoid excessive exposure of personal information, and only download content from official channels. AhnLab points out that with the increasing prevalence of AI applications, attackers will find it easier to generate indistinguishable phishing emails, spoofed pages, and deepfake content, potentially leading to further complex threats in the future. (Cointelegraph)