Operation Newton: Hi Kimsuky? Did an Apple(seed) really fall on Newton’s head?
2021-11-04 • S2W
S2W's Operation Newton presentation describes Kimsuky activity against scientific and engineering researchers using the AppleSeed backdoor. The transcript says the attackers began with spear phishing to steal mail credentials, then used leaked account data to collect VPN and server access information and move into internal networks. AppleSeed is described as a Kimsuky backdoor with persistence, folder and keyboard monitoring, screen capture, USB monitoring, C2 communication, and payload download capability.