Monthly Threat Actor Group Intelligence Report, November 2024 (KOR)

2025-01-08 NSHC

https://redalert.nshc.net/2025/01/08/monthly-threat-actor-group-intelligence-report-november-2024-kor/

NSHC's November 2024 Korean threat-actor intelligence report describes multiple observed intrusion patterns, including malicious LNK files themed around China-North Korea policy, VHDX lures disguised as Chinese embassy invitations, and backdoors that steal files or capture screens. The report also notes cloud-service exfiltration through pCloud and Yandex, credential and Windows token abuse followed by Play ransomware activity, and macOS persistence through modification of the zsh environment file. These observations provide broad TTP coverage for DPRK-linked and adjacent APT monitoring.
