North Korean threat agents have been linked to a synchronized cyber surveillance operation aimed at diplomatic missions in their southern counterpart from March to July 2025.
This operation appeared as a minimum of 19 spear-phishing emails that masqueraded as reliable diplomatic contacts, intending to entice embassy employees and foreign ministry officials with persuasive meeting invitations.