KISA’s JSAC 2025 presentation describes North Korean hacking activity targeting centralized management solutions used to administer corporate devices. The speakers tie the investigation to Maui ransomware leads, attacker Google account activity, leased Korean hosting infrastructure, and search behavior that included North Korean language usage. The presentation also discusses remote-control malware management tooling and attacker interest in Korean DLP and antivirus software code as high-value paths into enterprise environments.