Suspected North Korean threat actors showed sustained interest in Validin threat intelligence data, especially infrastructure publicly attributed to them and reporting that exposed their operations. The activity was attributed in the talk to a North Korean cluster known for cyberespionage and financially motivated operations against individuals and organizations in the cryptocurrency sector. The speakers frame the behavior as an effort to understand what defenders can see, adapt exposed infrastructure, and reduce the value of public threat intelligence. The investigation also found backend web code used to support the actors' campaigns, apparently exposed through operational security mistakes.