APT45: North Korea’s Digital Military Machine
2024-07-25 • Mandiant
https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine/
Mandiant assesses APT45 as a long-running North Korean cyber operator, active since at least 2009 and supporting DPRK state priorities. The group began with espionage against government and defense targets, later expanded into financial-sector activity, and is suspected with moderate confidence of developing or using ransomware. APT45 has targeted nuclear research, power generation, crop science, healthcare, pharmaceuticals, and financial organizations, including the 2019 targeting of India's Kudankulam Nuclear Power Plant. The report distinguishes APT45 from other DPRK operators by its separate malware lineage, its use of tools such as RIFLE, ROGUEEYE, and 3PROXY, and its public overlap with names including Andariel, Onyx Sleet, Stonefly, Silent Chollima, and Lazarus Group.