North Korean Hackers Caught Snooping on China’s Cyber Squad
2021-11-22 • The Daily Beast
https://www.thedailybeast.com/north-korean-hackers-caught-snooping-on-chinas-cyber-squad
CrowdStrike told The Daily Beast that North Korea-linked Stardust Chollima, also tracked by some researchers as Lazarus Group, targeted Chinese security researchers to obtain hacking techniques and possibly zero-day research. The campaign used Chinese-language lure documents such as “Securitystatuscheck.zip” and “_signed.pdf” that referenced Chinese cybersecurity authorities and were likely booby-trapped. CrowdStrike assessed the lures were probably sent by email and resembled earlier North Korean operations that used social media, fake personas, and malware to compromise security researchers. The activity matters because stolen vulnerability research and exploit knowledge could improve DPRK operators’ financially motivated and intelligence-driven campaigns.