Genians reporting identifies an APT37 campaign observed after the Lunar New Year holiday, alongside Korea-focused state-backed groups such as Lazarus, Kimsuky, and Konni. The activity targets North Korea human-rights groups, journalists covering North Korea, defectors, and other North Korea-related personnel through spear-phishing. LNK files with embedded PowerShell commands are used for initial execution, including lures that combine a normal North Korea-themed PDF with a disguised shortcut file. The RoKRAT malware collects documents and recordings from victim systems and exfiltrates data through pCloud API-based C2 infrastructure.