Securonix describes SHROUDED#SLEEP, an ongoing campaign likely attributed to North Korea's APT37, delivering the VeilShell PowerShell backdoor against Southeast Asian targets with Cambodia as a primary focus. The infection chain begins with phishing lures carrying ZIP archives that contain disguised .lnk files using double extensions such as PDF or spreadsheet names. Those shortcuts execute PowerShell to extract embedded Base64 payloads, drop a lure document, a configuration file, and a malicious DLL into the Windows Startup folder, delaying execution until reboot for persistence and evasion. VeilShell provides remote access capabilities including data exfiltration, registry manipulation, and scheduled task creation, while long sleep intervals and staged execution are used to reduce heuristic detection. The campaign matters for DPRK tracking because it shows APT37 retooling or continuing Southeast Asia-focused operations with tradecraft similar to earlier North Korea-attributed activity.