Unmasking DarkPlum: inside the operations of DPRK's elite cyber espionage group
2024-10-03 • NTTSecurity
NTT Security Holdings attributes recent DarkPlum activity to a DPRK-linked cyber espionage group also known publicly as Kimsuky and APT43. The group targets government, military, academic, and think-tank organizations across South Korea, Japan, Europe, and the United States, while also using cryptocurrency theft to support operations. Researchers correlated OSINT, malware IOCs, and large-scale network telemetry to map DarkPlum infrastructure, including VPN services, intermediate servers, C2 servers, likely operational bases, phishing campaigns against South Korean academics and think tanks, and cryptocurrency account-stealing phishing pages. The presentation emphasizes infrastructure management and operational-pattern analysis, including working-hour insights and OPSEC practices.