LABScon Replay | InkySquid: The Missing Arsenal
2023-01-04 • Volexity
https://www.sentinelone.com/labs/labscon-replay-inkysquid-the-missing-arsenal/
SentinelOne’s LABScon replay covers Volexity research on InkySquid/APT37, a North Korea-linked actor also known as Group123 or ScarCruft, and its macOS port of RoKRAT. The presentation describes BaDRAT/CloudMensis as a macOS espionage tool delivered through a downloader that used pCloud infrastructure, dropped persistence as a launch daemon, and targeted both x86 and ARM systems. The malware analysis highlights built-in surveillance capabilities, attempts to bypass macOS security controls, and leftover n-day exploit code, while the attribution discussion links the tooling and tradecraft to InkySquid rather than treating it as a generic macOS malware case.