A threat actor used the malware BabyShark, which uses infrastructure associated with North Korean campaigns. The malware was delivered in November 2018 via spear-phishing emails written to appear as though they were sent from a nuclear security expert who works as a consultant for the U.S. government. The subject of the emails referenced North Korea's nuclear program.