December 2025 APT Group Trends
ID: e8353325-c119-572e-b88d-d0061634401a
STIX ID: report--e8353325-c119-572e-b88d-d0061634401a
Feed Name: ASEC
**Executive Summary:** The report details North Korean APT activity that leverages fraudulent remote‑work recruitment and hardware/firmware techniques (PiKVM) to gain persistent access to corporate networks, and documents Lazarus Group use of a WinRAR ADS path traversal (CVE-2025-8088) to deliver a multi‑stage Python loader and the Blank Grabber infostealer that exfiltrates browser credentials, messaging tokens, and cryptocurrency wallet seed phrases.
