QiAnXin reports a suspected Kimsuky, or APT-Q-2, campaign using fake General Dynamics and Lockheed Martin recruitment lures for defense jobs in Germany to target European military industry personnel. The activity used JSE, C++ and Go droppers to place a DLL payload under ProgramData or fetch it from attacker infrastructure, then execute it with regsvr32. The malware persisted through a CacheDB service when elevated or an HKCU Run key otherwise, stored configuration in NTFS alternate data streams or decrypted it from the .data section, and used RC4 encrypted HTTP POST C2 traffic. QiAnXin cites code similarity, Korean language artifacts, the username niki, and related r-e.kr and o-r.kr infrastructure as reasons the activity is likely connected to Kimsuky, while noting the fake recruitment theme also resembles Lazarus tradecraft.