A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering.
Enterprise security firm Proofpoint attributed the infiltrations to a group it tracks as TA406, and by the
lecrab 
lecrab