Kimsuky: Infamous Threat Actor Churns Out More Advanced Malware

2023-04-19 Zimperium

https://www.zimperium.com/blog/kimsuky-infamous-threat-actor-churns-out-more-advanced-malware/


Kimsuky, also tracked as Thallium and APT37, has been active since 2012 and has run numerous campaigns using a range of techniques, from watering-hole attacks to spear phishing and malware aimed at several platforms, including Android and Chromium-based browsers. The latest campaign described by Zimperium combines several methods:

- Spear phishing: highly targeted emails compromise either the ultimate victim or someone in their circle, whose account is then used to launch further spear-phishing attacks.
- Malicious Android apps distributed through Google Play's "internal testing" feature, which lets a developer push an app to a small group of users flagged as "trusted". The number of trusted testers is capped, which underlines how narrowly targeted the campaign is.

The campaign was observed targeting Korean and German entities; the apparent goal is to reach government employees, the military, manufacturing, academia, and think tanks working on global diplomacy and security.

Indicators of Compromise

Type    Value                             First Seen   Last Seen
DOMAIN  navernnail.com                    2022-10-25   2026-01-14
DOMAIN  lowerp.onlinewebshop.net          2023-04-19   2023-11-01
DOMAIN  mc.pzs.kr                         2022-05-18   2023-11-01
DOMAIN  gonamod.com                       2022-08-24   2023-05-16
DOMAIN  siekis.com                        2022-08-24   2023-04-19
IPv4    23.102.122.16                     2023-04-19   2023-04-19
HASH    04bb7e1a0b4f830ed7d1377a394bc717  2023-03-20   2023-04-19
HASH    89f97e1d68e274b03bc40f6e06e2ba9a  2022-10-25   2023-04-19
HASH    3458daa0dffdc3fbb5c931f25d7a1ec0  2022-10-25   2023-04-19

HASH values are 32-character hexadecimal digests (MD5 length). Note that navernnail.com is a lookalike of the legitimate Naver mail domain; match it exactly rather than by fuzzy similarity so that genuine naver.com traffic is not flagged.
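As an added example (this is not code from the Zimperium report or from Kimsuky tooling), the following Python scanner loads the indicators from the table above and runs them over constructed DNS, proxy and EDR log lines. It matches subdomains of the listed domains (a suffix match on DNS labels), normalises hash case, validates IPv4 candidates, and deliberately does not fire on legitimate lookalike-adjacent names such as naver.com. The log formats and every sample line are constructed for illustration.

```python
"""Scan constructed log lines against the Kimsuky IoCs listed in the table above."""
import ipaddress
import re

# IoCs copied from the table above. Hashes are 32-hex (MD5-length) digests.
IOC_DOMAINS = {
    "navernnail.com",
    "lowerp.onlinewebshop.net",
    "mc.pzs.kr",
    "gonamod.com",
    "siekis.com",
}
IOC_IPS = {"23.102.122.16"}
IOC_MD5 = {
    "04bb7e1a0b4f830ed7d1377a394bc717",
    "89f97e1d68e274b03bc40f6e06e2ba9a",
    "3458daa0dffdc3fbb5c931f25d7a1ec0",
}

DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MD5_RE = re.compile(r"\b([0-9a-f]{32})\b", re.I)


def domain_hit(name):
    """Return the IoC domain that `name` equals or is a subdomain of, else None.

    Suffix matching is done on whole DNS labels, so 'update.gonamod.com' hits
    'gonamod.com' but 'navernnail.com.evil.example' does not hit 'navernnail.com'.
    """
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS:
            return candidate
    return None


def scan_line(line):
    """Return an ordered, de-duplicated list of (ioc_type, ioc_value) found in one log line."""
    hits = []
    for token in DOMAIN_RE.findall(line):
        d = domain_hit(token)
        if d:
            hits.append(("DOMAIN", d))
    for ip in IP_RE.findall(line):
        try:
            if str(ipaddress.ip_address(ip)) in IOC_IPS:  # rejects e.g. 999.1.1.1
                hits.append(("IPv4", ip))
        except ValueError:
            continue
    for h in MD5_RE.findall(line):
        if h.lower() in IOC_MD5:  # EDR tools often emit upper-case hex
            hits.append(("HASH", h.lower()))
    unique = []
    for h in hits:
        if h not in unique:
            unique.append(h)
    return unique


def scan_logs(lines):
    """Return [(line_index, hits)] for every line with at least one IoC match."""
    return [(i, scan_line(line)) for i, line in enumerate(lines) if scan_line(line)]


# Constructed sample log lines (hypothetical formats, not from any real sensor).
SAMPLE_LOGS = [
    "2023-04-20T08:12:01Z dns client=10.0.0.5 query=update.gonamod.com type=A",
    "2023-04-20T08:12:02Z proxy src=10.0.0.5 dst=23.102.122.16:443 host=lowerp.onlinewebshop.net",
    "2023-04-20T08:13:44Z dns client=10.0.0.9 query=mail.naver.com type=A",
    "2023-04-20T08:15:10Z edr host=WS-17 file=C:\\Users\\u\\Downloads\\doc.apk md5=89F97E1D68E274B03BC40F6E06E2BA9A",
    "2023-04-20T08:16:00Z dns client=10.0.0.9 query=navernnail.com.evil.example type=A",
]

if __name__ == "__main__":
    for idx, hits in scan_logs(SAMPLE_LOGS):
        print(f"line {idx}: {hits}")
```

Lines 0, 1 and 3 are flagged (subdomain of gonamod.com; C2 IP plus hosting domain; upper-case MD5 of a listed sample), while the legitimate naver.com lookup and the prefix-abuse case in line 4 are not. In production, feed the same `scan_line` function from a SIEM export rather than the inline list, and keep the IoC sets in a file that is refreshed when the First Seen / Last Seen dates move.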
