Malware on Google Play Targets North Korean Defectors

2018-05-17 McAfee

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malware-on-google-play-targets-north-korean-defectors/

McAfee linked the RedDawn Android spyware campaign on Google Play to the Sun Team activity it had previously observed targeting North Korean defectors and journalists. Three apps, including a food-information app and two app-lock utilities, were uploaded as unreleased versions and promoted through a fake Facebook profile to Korean-speaking victims. Once installed, the malware collected device data, personal photos, contacts, and SMS messages, while Dropbox and Yandex were used for command delivery, data upload, and additional dex payloads. The operation matters because it shows targeted mobile espionage against a vulnerable defector community using legitimate app-store distribution and cloud services rather than only conventional desktop intrusion paths.
