The source warns that the Thallium threat group used spear-phishing themes related to Kaesong Industrial Complex worker research and Asia-Pacific research paper submissions. The activity relied on social engineering, malicious document attachments, script and LNK shortcut techniques, and double-extension executable files disguised as documents, with some samples attempting to reach command-and-control locations for additional malware download.