Kimsuky(APT-Q-2)

2022-03-23 Qianxin

https://ti.qianxin.com/apt/detail/5b45758d596a10001ffa2d3a?name=Kimsuky&type=map

Qianxin profiles Kimsuky, also tracked as APT-Q-2, as a North Korea-linked threat group first publicly reported by Kaspersky in 2013 and active since at least 2012. The profile describes intelligence-collection operations focused primarily on South Korean political, military, defense, education, energy, government, medical, and think-tank targets, with additional activity against Japan and the United States. It cites social engineering, spear-phishing, watering-hole attacks, malicious HWP macros, PowerShell scripts, disguised PIF/PDF lures, encrypted C2 traffic, and a broader malware toolset as recurring tradecraft. The source also notes overlap with APT43 and recent mobile activity, making the profile relevant for DPRK espionage tracking and long-running Kimsuky infrastructure and tooling reviews.
