While strategic spear-phishing campaigns targeting researchers who study the Korean Peninsula remained a constant trend, North Korean threat actors appeared to make greater use of legitimate software to compromise even more victims. Since our last report in September 2023, these campaigns have evolved in several important ways including incorporating AI-generated photos to mislead audiences, stoking conspiratorial content—particularly against the US government—and targeting new populations, such as South Korea, with localized content. Same targets, new playbooks: East Asia threat actors employ unique methods Microsoft has observed several notable cyber and influence trends from China and North Korea since June 2023 that demonstrate not only doubling down on familiar targets, but also attempts to use more sophisticated influence techniques to achieve their goals.