TA444: The APT Startup Aimed at Acquisition (of Your Funds)
2023-01-25 • Proofpoint
https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds
TA444, which overlaps with public activity called APT38, Bluenoroff, BlackAlicanto, Stardust Chollima, and COPERNICIUM, is likely tasked with generating revenue for the North Korean regime. Proofpoint clusters TA444 activities based on malware lineage, behavioral heuristics and traits of first-stage tooling meant to fool targeted users, distinctive infrastructure usage, and targeting of financial entities, along with other factors. If this occurred, we would anticipate seeing tool and infrastructure re-use as well as continued deviation of targeting away from major cryptocurrency and financial institutions. Historic TA444 operations, such as the 2016 Bangladesh Bank heist and targeting of cryptocurrency entities, have been linked to the North Korean government by the United States.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | superiorexhbits.com | 2023-01-25 | 2023-01-25 |
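The IoC table above lists a single domain. The following Python script is an added example and not Proofpoint's code: it parses the table as published, normalises the domain, and scans a DNS query log for exact and subdomain matches while rejecting look-alike names that merely begin with the indicator (a naive substring check would flag those). The log line format and the client addresses are constructed for the example; adapt the regex to your resolver's format.

```python
from __future__ import annotations

import re

# Copy of the page's IoC table in its published markdown layout, so the
# parser below works on the table as-is.
IOC_TABLE = """\
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | superiorexhbits.com | 2023-01-25 | 2023-01-25 |
"""

# Constructed DNS query log (hypothetical format: ts client query name).
# Line 2 is a subdomain with mixed case and a trailing dot; line 3 is a
# look-alike that merely starts with the indicator and must NOT match.
SAMPLE_DNS_LOG = """\
2023-01-26T09:14:02Z client=10.0.4.17 query=A name=superiorexhbits.com
2023-01-26T09:14:05Z client=10.0.4.17 query=A name=mail.SuperiorExhbits.com.
2023-01-26T09:15:10Z client=10.0.4.22 query=A name=superiorexhbits.com.example.org
2023-01-26T09:16:00Z client=10.0.4.30 query=A name=www.proofpoint.com
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<qtype>\S+) name=(?P<name>\S+)$"
)


def normalise_domain(name: str) -> str:
    """Lower-case and strip the trailing dot so comparisons are canonical."""
    return name.strip().lower().rstrip(".")


def parse_ioc_table(text: str) -> list[dict]:
    """Parse a markdown IoC table into rows; skips the header and separator."""
    rows = []
    for line in text.splitlines():
        if not line.startswith("|") or set(line.strip("| ")) <= set("-| "):
            continue  # not a table row, or the |---| separator line
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if cells[0] == "Type":
            continue  # header row
        rows.append(
            {
                "type": cells[0].upper(),
                "value": normalise_domain(cells[1]) if cells[0].upper() == "DOMAIN" else cells[1],
                "first_seen": cells[2],
                "last_seen": cells[3],
            }
        )
    return rows


def domain_matches(observed: str, ioc: str) -> bool:
    """True for the indicator itself or any subdomain of it; label-aligned only."""
    observed = normalise_domain(observed)
    return observed == ioc or observed.endswith("." + ioc)


def scan_dns_log(lines, iocs: list[dict]) -> list[dict]:
    """Return one hit per log line whose queried name matches a DOMAIN IoC."""
    domains = [i["value"] for i in iocs if i["type"] == "DOMAIN"]
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        name = normalise_domain(m["name"])
        for d in domains:
            if domain_matches(name, d):
                hits.append({"ts": m["ts"], "client": m["client"], "name": name, "ioc": d})
                break
    return hits


if __name__ == "__main__":
    for h in scan_dns_log(SAMPLE_DNS_LOG.splitlines(), parse_ioc_table(IOC_TABLE)):
        print(f"{h['ts']} {h['client']} queried {h['name']} (IoC: {h['ioc']})")
```

The label-aligned check (`endswith("." + ioc)`) is the part worth keeping: it catches `mail.superiorexhbits.com` but not `superiorexhbits.com.example.org`, which a substring match would wrongly flag. The First Seen / Last Seen columns are carried through so a follow-up step can weight hits by how stale an indicator is.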