North Korean hackers are ramping up their operations, using emails that pose as human rights organizations and financial institutions to trick people into opening malicious files. A report from the South Korean cybersecurity firm Genians highlights this campaign, called "Operation Poseidon," which is tied to the Konni hacking group. Known for its advanced persistent threat (APT) campaigns, Konni has a history of targeting South Korean government bodies, researchers, and civil society. The spearphishing tactic used in this campaign involves links that look legitimate because they go through trusted advertising and click-tracking systems. By disguising malicious destinations behind these trusted URLs, attackers can bypass email security filters and lower recipients' suspicions. Victims are ultimately redirected to servers that host malware, often disguised as PDFs or financial notices. Genians explains that this method is particularly insidious, as APT campaigns blend long-term access with social engineering techniques that can outsmart standard security measures. North Korea's cyber operations have intensified due to international sanctions, with hacking becoming a vital source of income for its nuclear and missile programs. A report from an 11-country monitoring team indicated that North Korea's cybercrime capabilities are nearly on par with those of major powers like China and Russia. In just three years, North Korea has reportedly stolen over $3 billion through attacks on financial systems and cryptocurrency platforms. Genians warns that similar impersonation attacks are likely to persist, advising organizations and individuals to exercise heightened caution with unsolicited emails.