A threat actor targeting government institutions, military contractors, maritime groups, telecom and satellite operations, and industrial and high-tech companies, primarily in South Korea and Japan, since 2011. The group relies on spear-phishing and known vulnerabilities to infect the system. They then use their custom-made cyber-espionage tools to steal e-mail and account passwords, sensitive information, and company plans.