Play Ransomware and North Korean APT45 Work Together to Launch Major Cyberattack – Active IOCs

2024-10-31 Rewterz

https://www.rewterz.com/threat-advisory/play-ransomware-and-north-korean-apt45-work-together-to-launch-major-cyberattack-active-iocs


APT45, also tracked as Andariel or Jumpy Pisces, is a North Korean state-sponsored actor that has been linked to financially motivated activity involving the Play ransomware operation between May and September 2024. Researchers assessed with moderate confidence that Jumpy Pisces, or a faction of it, collaborated with Play. The case is notable because of the apparent overlap between a North Korean state actor and an underground ransomware network.

Initial access was obtained through a compromised user account, followed by lateral movement and persistence using the Sliver C2 framework and the Dtrack backdoor. Before Play ransomware was deployed, actors using the same compromised account harvested credentials, escalated privileges, removed the EDR sensor and stole browser data from the victim environment. The listed IOCs include the domain americajobmail.site, an IPv4 address and several file hashes, giving defenders concrete artifacts to hunt alongside the compromised-account and remote-tool activity.

Indicators of Compromise

Type   Value                              First Seen   Last Seen
HASH   f64dab23c50e3d131abcc1bdbb35ce9…   2024-10-02   2024-12-13
HASH   540853beffb0ba9b26cf305bcf92fad…   2024-10-31   2024-10-31
HASH   e12f93d462a622f32a4ff1e646549c42   2024-10-31   2024-10-31
HASH   f01eae4ee3cc03d621be7b0af7d60411   2024-10-31   2024-10-31
HASH   e3069713add2d99750af6c30580fb35…   2024-10-31   2024-10-31
HASH   b1ac26dac205973cd1288a38265835e…   2024-10-30   2024-10-31
IPv4   172.96.137.224                     2024-10-02   2024-10-31
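One way to turn the indicators above into a hunt is to sweep DNS, proxy and EDR logs for exact matches on the domain, the IPv4 address and the file hashes. The script below is an added example, not part of the advisory: it uses only the IOC values the page prints in full (americajobmail.site, 172.96.137.224 and the two complete 32-character hashes; the hashes shown truncated with "…" are deliberately left out rather than guessed), and the log lines it scans are constructed samples in an assumed key=value format, not real telemetry.

```python
import re
from dataclasses import dataclass

# IOCs copied from the advisory. Only values printed in full are used.
IOC_DOMAINS = {"americajobmail.site"}
IOC_IPS = {"172.96.137.224"}
IOC_HASHES = {
    "e12f93d462a622f32a4ff1e646549c42",
    "f01eae4ee3cc03d621be7b0af7d60411",
}

# Constructed sample log lines (assumed format, not taken from the advisory):
# a DNS query, a proxy connection, an EDR file-write event and a benign line.
SAMPLE_LOGS = [
    "2024-10-30T08:12:01Z dns client=10.0.4.17 query=americajobmail.site type=A",
    "2024-10-30T08:12:03Z proxy src=10.0.4.17 dst=172.96.137.224:443 bytes=18233",
    "2024-10-30T08:15:44Z edr host=WS-0417 event=file_write "
    "path=C:\\Users\\Public\\svc.exe md5=E12F93D462A622F32A4FF1E646549C42",
    "2024-10-30T08:16:10Z proxy src=10.0.4.22 dst=93.184.216.34:443 bytes=5120",
]

# Candidate extractors. Domains need an alphabetic TLD so dotted IPs are not
# picked up twice; hashes are matched as 64/40/32 hex chars (SHA-256/SHA-1/MD5).
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str    # "domain", "ipv4" or "hash"
    value: str


def extract(line):
    """Pull every candidate domain, IPv4 and hash out of one log line,
    normalised to lower case so matching is case-insensitive."""
    domains = {m.lower() for m in DOMAIN_RE.findall(line)}
    ips = set(IPV4_RE.findall(line))
    hashes = {m.lower() for m in HASH_RE.findall(line)}
    return domains, ips, hashes


def match_line(line_no, line):
    """Return the IOC hits for a single line, in a stable order."""
    domains, ips, hashes = extract(line)
    hits = [Hit(line_no, "domain", d) for d in sorted(domains & IOC_DOMAINS)]
    hits += [Hit(line_no, "ipv4", i) for i in sorted(ips & IOC_IPS)]
    hits += [Hit(line_no, "hash", h) for h in sorted(hashes & IOC_HASHES)]
    return hits


def hunt(lines):
    """Scan an iterable of log lines and return all IOC hits with line numbers."""
    hits = []
    for n, line in enumerate(lines, 1):
        hits.extend(match_line(n, line))
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.kind} match on {hit.value}")
```

A hit on the domain or IP should be pivoted on the source host and user (the advisory's initial access was a compromised account), and a hash hit on an endpoint should prompt a check for the Sliver and Dtrack artifacts and for EDR sensor tampering on that host. Because indicator sets are extracted from free text, keep the extraction and the set-intersection separate as above, so that new IOC values can be added without touching the parsing.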
