{"id":18807,"date":"2025-12-01T19:45:00","date_gmt":"2025-12-01T19:45:00","guid":{"rendered":"https:\/\/www.coinspeaker.com\/fr\/?p=18807"},"modified":"2025-12-01T19:45:00","modified_gmt":"2025-12-01T19:45:00","slug":"spear-phishing-hackers-nord-coreens","status":"publish","type":"post","link":"https:\/\/www.coinspeaker.com\/fr\/spear-phishing-hackers-nord-coreens\/","title":{"rendered":"Spear-phishing: the number one weapon of North Korean hackers in 2025"},"content":{"rendered":"<h2>Lazarus, the invisible signature behind the biggest hacks<\/h2>\n<p>In 2025, every time a major hack breaks, the same name comes up in the post-mortem reports: Lazarus.<\/p>\n<p>The North Korea-backed group tops the incident analyses compiled by South Korean cybersecurity firm AhnLab between October 2024 and September 2025, with 31 mentions over the year.<\/p>\n<p>Behind the numbers, the reality is simple: they are the ones most often suspected of having <strong>siphoned off the funds<\/strong>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"474\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">8\/ Irys co-founder was hacked for ~$1.3M in July 2024 by Lazarus Group via email spear phishing campaign. 
<\/p>\n<p>From the theft address 70.8 ETH was deposited to a privacy protocol and another 338 ETH shortly after on July 31st.<br \/>0x600cd901d0407753c212ed17d8c6cae014ee300e<\/p>\n<p>By\u2026 <a rel=\"noopener noreferrer\" target=\"_blank\" rel=\"noopener nofollow sponsored\" href=\"https:\/\/t.co\/RZvePtNA73\">pic.twitter.com\/RZvePtNA73<\/a><\/p>\n<p>&mdash; ZachXBT (@zachxbt) <a rel=\"noopener noreferrer\" target=\"_blank\" rel=\"noopener nofollow sponsored\" href=\"https:\/\/twitter.com\/zachxbt\/status\/1849071180411551777?ref_src=twsrc%5Etfw\">October 23, 2024<\/a><\/p><\/blockquote>\n<p>Their operations are no longer confined to a single sector. Crypto, traditional finance, IT, defense: the campaigns overlap.<\/p>\n<p>Notable cases include the <a href=\"https:\/\/www.coinspeaker.com\/fr\/crypto-en-danger-les-cyberattaques-nord-coreennes-repartent-a-la-hausse\/\">$1.4 billion Bybit hack<\/a> in February and the $30 million attack on the South Korean platform Upbit. In a large share of these cases, the same entry vector is identified.<\/p>\n<p>Not a hyper-sophisticated 0-day. An email.<\/p>\n<h2>How spear-phishing forces its way into systems<\/h2>\n<p>Spear-phishing is phishing on steroids. Instead of spraying thousands of addresses with a generic fake bank email, the attacker picks a specific target, gathers public information, and cross-references LinkedIn, X, company websites and data leaks.<\/p>\n<p>They learn how the person writes, who their usual contacts are, and which topics they are likely to answer quickly.<\/p>\n<p>Once the scene is set, the email no longer looks out of place. 
It may come from a &ldquo;journalist&rdquo; citing a real past article, a &ldquo;partner&rdquo; mentioning a call that actually took place, or an &ldquo;HR contact&rdquo; pointing to a genuine job posting.<\/p>\n<p>What changes everything is the link or the attachment: a booby-trapped document, a cloned login page, sometimes just a website that installs <strong>stealthy malware<\/strong>.<\/p>\n<h2>Companies: perimeter defense is no longer enough<\/h2>\n<p>AhnLab stresses a point many organizations prefer to ignore: you do not stop Lazarus with a basic antivirus and an annual PowerPoint training session.<\/p>\n<p>The report talks about &ldquo;layered defense&rdquo;, in other words accepting that some attacks will get past the first barrier and planning for what happens next.<\/p>\n<p>In practice, that means regularly reviewing configurations, access rights and audit logs. 
Applying security patches without waiting months.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"474\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Kimsuky used AI deepfake-generated ID cards via ChatGPT to impersonate a South Korean defense institution in an APT spear-phishing attack.<a rel=\"noopener noreferrer\" target=\"_blank\" rel=\"noopener nofollow sponsored\" href=\"https:\/\/t.co\/15Tpl2AGHT\">https:\/\/t.co\/15Tpl2AGHT<\/a><a rel=\"noopener noreferrer\" target=\"_blank\" rel=\"noopener nofollow sponsored\" href=\"https:\/\/twitter.com\/hashtag\/Kimsuky?src=hash&amp;ref_src=twsrc%5Etfw\">#Kimsuky<\/a> <a rel=\"noopener noreferrer\" target=\"_blank\" rel=\"noopener nofollow sponsored\" href=\"https:\/\/twitter.com\/hashtag\/ChatGPT?src=hash&amp;ref_src=twsrc%5Etfw\">#ChatGPT<\/a> <a rel=\"noopener noreferrer\" target=\"_blank\" rel=\"noopener nofollow sponsored\" href=\"https:\/\/twitter.com\/hashtag\/Deepfake?src=hash&amp;ref_src=twsrc%5Etfw\">#Deepfake<\/a> <a rel=\"noopener noreferrer\" target=\"_blank\" rel=\"noopener nofollow sponsored\" href=\"https:\/\/t.co\/hjJuZlcQ53\">pic.twitter.com\/hjJuZlcQ53<\/a><\/p>\n<p>&mdash; CyberWar &#8211; \uc2f8\uc6cc (@cyberwar_15) <a rel=\"noopener noreferrer\" target=\"_blank\" rel=\"noopener nofollow sponsored\" href=\"https:\/\/twitter.com\/cyberwar_15\/status\/1967244446707400938?ref_src=twsrc%5Etfw\">September 14, 2025<\/a><\/p><\/blockquote>\n<p>Segmenting networks so that one compromised account does not hand over the keys to the entire infrastructure. Above all, training teams on realistic scenarios: a very well-written email sent at the right moment will claim more victims than a spam message riddled with mistakes.<\/p>\n<p>Lazarus is not alone. 
Other North Korea-linked groups, such as Kimsuky, appear 27 times in the incident reports analyzed by AhnLab.<\/p>\n<p>TA-RedAnt follows with 17 mentions. This is no longer a series of isolated strikes but a <strong>near-industrial activity<\/strong>, in which each campaign feeds the next with stolen data, reused tools and new leads for the attackers.<\/p>\n<p>And, as far as possible, downloading only from <a href=\"https:\/\/www.coinspeaker.com\/fr\/10-millions-ciblees-malwares-crypto\/\">official channels<\/a>. It is not foolproof, but it already eliminates a large share of opportunistic attempts.<\/p>\n<h2>AI and deepfakes, the next stage of the rocket in 2026<\/h2>\n<p>The most worrying point in AhnLab&rsquo;s report is not about 2025 but about what comes right after. The analysts believe artificial intelligence will take spear-phishing to another level.<\/p>\n<p>Not by &ldquo;inventing&rdquo; new attacks, but by making those that exist today far more effective.<\/p>\n<p>Current models can already generate clean, error-free emails matched to the tone of a company or a sector. They can also quickly produce code variants to get around detection engines.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"474\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">pretty convincing phishing scheme.  always take a minute and think before plugging in a password.  
they almost got me <a rel=\"noopener noreferrer\" target=\"_blank\" rel=\"noopener nofollow sponsored\" href=\"https:\/\/t.co\/1tILjpatcy\">pic.twitter.com\/1tILjpatcy<\/a><\/p>\n<p>&mdash; Casey Neistat (@Casey) <a rel=\"noopener noreferrer\" target=\"_blank\" rel=\"noopener nofollow sponsored\" href=\"https:\/\/twitter.com\/Casey\/status\/1867935950023884928?ref_src=twsrc%5Etfw\">December 14, 2024<\/a><\/p><\/blockquote>\n<p>Above all, AhnLab warns of a shift still largely invisible to the general public: the use of deepfakes in targeted attacks, whether to impersonate an executive&rsquo;s voice, manipulate a video call or steal data through hijacked prompts.<\/p>\n<p>In this context, the line between a suspicious email and a genuine internal request becomes blurrier. A fake voice message or a synthetic video attached to an &ldquo;urgent&rdquo; email carries far more psychological weight than plain text.<\/p>\n<p>The report speaks of attacks that will reach a level where the human eye alone will no longer be enough to spot the scam.<\/p>","protected":false},"excerpt":{"rendered":"<p>In 2025, every time a major hack breaks, the same name comes up in the post-mortem reports: Lazarus.<\/p>\n","protected":false},"author":200,"featured_media":18810,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-18807","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-actu"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Spear-phishing: the number one weapon of North Korean hackers in 2025<\/title>\n<meta name=\"description\" content=\"Spear-phishing remains the favorite technique of the Lazarus group, and AI could make these attacks even more effective in 2026.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.coinspeaker.com\/fr\/spear-phishing-hackers-nord-coreens\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Spear-phishing: the number one weapon of North Korean hackers in 2025\" \/>\n<meta property=\"og:description\" content=\"Spear-phishing remains the favorite technique of the Lazarus group, and AI could make these attacks even more effective in 2026.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.coinspeaker.com\/fr\/spear-phishing-hackers-nord-coreens\/\" \/>\n<meta property=\"og:site_name\" content=\"Coinspeaker France\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-01T19:45:00+00:00\" \/>\n<meta property=\"og:image\" 
content=\"https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/12\/Copie-de-Coinspeaker149.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Emmanuel Roux\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Emmanuel Roux\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Spear-phishing: the number one weapon of North Korean hackers in 2025","description":"Spear-phishing remains the favorite technique of the Lazarus group, and AI could make these attacks even more effective in 2026.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.coinspeaker.com\/fr\/spear-phishing-hackers-nord-coreens\/","og_locale":"fr_FR","og_type":"article","og_title":"Spear-phishing: the number one weapon of North Korean hackers in 2025","og_description":"Spear-phishing remains the favorite technique of the Lazarus group, and AI could make these attacks even more effective in 2026.","og_url":"https:\/\/www.coinspeaker.com\/fr\/spear-phishing-hackers-nord-coreens\/","og_site_name":"Coinspeaker France","article_published_time":"2025-12-01T19:45:00+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/12\/Copie-de-Coinspeaker149.jpg","type":"image\/jpeg"}],"author":"Emmanuel Roux","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Emmanuel Roux","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.coinspeaker.com\/fr\/spear-phishing-hackers-nord-coreens\/","url":"https:\/\/www.coinspeaker.com\/fr\/spear-phishing-hackers-nord-coreens\/","name":"Spear-phishing: the number one weapon of North Korean hackers in 2025","isPartOf":{"@id":"https:\/\/www.coinspeaker.com\/fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.coinspeaker.com\/fr\/spear-phishing-hackers-nord-coreens\/#primaryimage"},"image":{"@id":"https:\/\/www.coinspeaker.com\/fr\/spear-phishing-hackers-nord-coreens\/#primaryimage"},"thumbnailUrl":"https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/12\/Copie-de-Coinspeaker149.jpg","datePublished":"2025-12-01T19:45:00+00:00","author":{"@id":"https:\/\/www.coinspeaker.com\/fr\/#\/schema\/person\/cfb5df450a3f98d6cbdac45264af1e5d"},"description":"Spear-phishing remains the favorite technique of the Lazarus group, and AI could make these attacks even more effective in 2026.","breadcrumb":{"@id":"https:\/\/www.coinspeaker.com\/fr\/spear-phishing-hackers-nord-coreens\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.coinspeaker.com\/fr\/spear-phishing-hackers-nord-coreens\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.coinspeaker.com\/fr\/spear-phishing-hackers-nord-coreens\/#primaryimage","url":"https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/12\/Copie-de-Coinspeaker149.jpg","contentUrl":"https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/12\/Copie-de-Coinspeaker149.jpg","width":1200,"height":800},{"@type":"BreadcrumbList","@id":"https:\/\/www.coinspeaker.com\/fr\/spear-phishing-hackers-nord-coreens\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.coinspeaker.com\/fr\/"},{"@type":"ListItem","position":2,"name":"Spear-phishing: the number one weapon of North Korean hackers in 2025"}]},{"@type":"WebSite","@id":"https:\/\/www.coinspeaker.com\/fr\/#website","url":"https:\/\/www.coinspeaker.com\/fr\/","name":"Coinspeaker France","description":"Bitcoin, Ethereum, altcoins and crypto news with analysis, live prices, data charts and guides","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.coinspeaker.com\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Person","@id":"https:\/\/www.coinspeaker.com\/fr\/#\/schema\/person\/cfb5df450a3f98d6cbdac45264af1e5d","name":"Emmanuel 
Roux","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.coinspeaker.com\/fr\/#\/schema\/person\/image\/","url":"https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/06\/cropped-pp-1-96x96.png","contentUrl":"https:\/\/www.coinspeaker.com\/fr\/wp-content\/uploads\/sites\/6\/2025\/06\/cropped-pp-1-96x96.png","caption":"Emmanuel Roux"},"description":"Coming from traditional finance, I naturally moved over to the crypto world, drawn by its potential. I want to bring my analytical and rational approach to it while keeping my curiosity. Away from the screen, I read a lot (economics, essays, a bit of science fiction) and I enjoy tinkering. For me, DIY is like crypto: understand, test, build it yourself.","url":"https:\/\/www.coinspeaker.com\/fr\/author\/emmanuel\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/posts\/18807","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/users\/200"}],"replies":[{"embeddable":true,"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/comments?post=18807"}],"version-history":[{"count":3,"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/posts\/18807\/revisions"}],"predecessor-version":[{"id":18812,"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/posts\/18807\/revisions\/18812"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/media\/18810"}],"wp:attachment":[{"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/media?parent=18807"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/categories?post=18807"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.coinspeaker.com\/fr\/wp-json\/wp\/v2\/tags?post=18807"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}