Spear phishing is North Korean hackers’ top tactic: How to stay safe

New technologies, such as artificial intelligence, will only make bad actors more efficient and their attacks more sophisticated in 2026, cybersecurity company AhnLab predicts.

North Korean state-backed hackers, the Lazarus Group, primarily employed spear phishing attacks to steal funds over the last year, with the group receiving the most mentions in post-hack analyses over the last 12 months, according to South Korean cybersecurity company AhnLab.

Spear phishing is one of the most popular methods of attack by bad actors like Lazarus, using fake emails, “disguised as lecture invitations or interview requests,” AhnLab analysts said in the Nov. 26, 2025, Cyber ​​Threat Trends & 2026 Security Outlook report.

The Lazarus Group is the main suspect behind many attacks across many sectors, including crypto, with the hackers suspected to be responsible for the $1.4 billion Bybit hack on Feb. 21 and the more recent $30 million exploit of the South Korean crypto exchange Upbit on Thursday. 

Read more