APT PROFILE – KIMSUKI
2026-01-13 • Cyfirma
CYFIRMA profiles Kimsuki as a North Korea-linked APT active since at least 2012 and aligned with strategic intelligence collection priorities associated with the Reconnaissance General Bureau. The group is described as targeting South Korean and U.S.-based government agencies, academics, and think tanks focused on Korean Peninsula geopolitical issues, with broader activity across East Asia, Southeast Asia, North America, Europe, and other regions. The profile lists aliases including APT43, Thallium, Velvet Chollima, Black Banshee, and Emerald Sleet, and notes tools and malware such as BabyShark, AppleSeed/KGH_SPY, AlphaSeed, GoldDragon, custom phishing frameworks, browser credential stealers, PowerShell, MSHTA, WMIC, Certutil, and BITSAdmin. The MITRE mapping emphasizes reconnaissance, phishing, compromised or acquired infrastructure, malware development, scripting execution, defense evasion, credential theft, C2 over web and other services, exfiltration, and financial theft. The report is useful as a reference profile for Kimsuki tradecraft, targeting, malware families, and technique coverage rather than a single incident analysis.