APT37 has likely been active during most of this decade, primarily targeting the public and private sectors in South Korea. In 2017, it expanded its targeting beyond the Korean peninsula to Japan, Vietnam and the Middle East, and to a wider range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities.
Microsoft has recently taken control of 50 websites used by suspected North Korean hackers to support attempted intrusions against government employees, universities and nuclear organizations, among other targets.
Thallium sends phishing emails that direct targeted victims to malicious websites, where they are prompted to enter their username and password. A successful attempt gives Thallium access to the victim's account data, including messages, contact lists and appointments. The IoCs indicate that most of these malicious domains masquerade as legitimate domains with minor typos, which unsuspecting users often fail to notice.
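A defender's check for the lookalike-domain pattern described above, written as an added example (not code from the original article or from Microsoft): it scans constructed proxy-log lines for URLs whose host is within a small edit distance of a trusted domain. The trusted-domain list, the log lines and the distance threshold are placeholders to be replaced with an organisation's own values.

```python
import re
from urllib.parse import urlparse

# Constructed placeholder list of domains the organisation legitimately uses.
LEGITIMATE_DOMAINS = ["example.com", "login.example.com", "mail.example.org"]

# Constructed sample log lines; the first and third carry typo-squatted hosts.
SAMPLE_LOG = [
    "2019-12-30 10:01:02 GET http://exarnple.com/login user=alice",
    "2019-12-30 10:02:15 GET https://login.example.com/ user=bob",
    "2019-12-30 10:03:44 GET https://mail.exampel.org/reset user=carol",
    "2019-12-30 10:04:00 GET https://unrelated.net/ user=dave",
]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def lookalike_of(domain: str, max_distance: int = 2):
    """Return the trusted domain this host imitates, or None if it is exact or unrelated."""
    domain = domain.lower().rstrip(".")
    if domain in LEGITIMATE_DOMAINS:
        return None  # an exact match is the real site, not a lookalike
    best = None
    for legit in LEGITIMATE_DOMAINS:
        d = edit_distance(domain, legit)
        if d <= max_distance and (best is None or d < best[1]):
            best = (legit, d)
    return best[0] if best else None

def flag_phishing_urls(log_lines):
    """Return (host, imitated_domain) pairs for URLs pointing at typo-squatted hosts."""
    hits = []
    for line in log_lines:
        for url in re.findall(r"https?://[^\s\"'<>]+", line):
            host = urlparse(url).hostname or ""
            target = lookalike_of(host)
            if target:
                hits.append((host, target))
    return hits
```

A threshold of 2 edits catches swaps like "rn" for "m" and transposed letters; tune it per domain length, since very short trusted domains will otherwise match unrelated hosts.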
Microsoft reports that Thallium has been active since 2010 and is known for its use of the malicious software BabyShark and KimJongRAT.