Kimsuky primarily uses spear-phishing to target individuals employed by government, research centers, think tanks, academic institutions, and news media organizations, including entities in Europe, Japan, Russia, South Korea, and the United States. Although Kimsuky is primarily an intelligence collection entity, its cyber espionage campaigns directly support the DPRK’s strategic and nuclear ambitions. Malicious cyber activity associated with the Kimsuky advanced persistent threat is also known in the cybersecurity industry as APT43, Emerald Sleet, Velvet Chollima, TA406, and Black Banshee. Kimsuky employs social engineering to collect intelligence on geopolitical events, foreign policy strategies, and diplomatic efforts affecting its interests by gaining illicit access to the private documents, research, and communications of their targets.