As the Trilateral Summit of the U.S.-Japan-South Korea Approaches, Kimsuky Undercurrents Stir

2024-06-05 Sec AI

https://www.secai.ai/blog/report/Incident_Analysis_Report-Kimsuky_Undercurrents_Stir

SecAI linked a series of targeted attacks from April 2024 onward against the United States, Japan, and South Korea to Kimsuky, a North Korea-based APT focused on intelligence collection around the Korean Peninsula, nuclear policy, sanctions, diplomacy, and national security. The suspected targets included Japanese and South Korean politicians connected to North Korea issues and U.S. military industry technicians, with possible German overlap. Lures referenced the U.S.-Japan-South Korea trilateral summit and job descriptions from General Dynamics Land Systems and Lockheed Martin, while South Korea-focused samples were reportedly delivered through Facebook social-engineering phishing. Initial payloads included MSC files, an uncommon format, with fake Word icons and Google online document lures, as well as PE files with fake PDF icons. SecAI extracted related sample, IP, and domain IOCs for detection.
