North Korea's Kimsuky gang now exploits Windows Help files


North Korea's notorious Kimsuky cybercriminal gang has begun a campaign that uses new tactics, according to infosec tools provider Rapid7.

A Wednesday post explains that the crew, also known as Black Banshee, Thallium, APT 43 and Velvet Chollima, has a long history of trying to extract information from government agencies and organizations such as think tanks, presumably to gather intelligence that Kim Jong Un's regime could find valuable.

Kimsuky's favorite tactic is spear phishing, sometimes after lengthy social engineering from correspondents posing as academics or the media. Previous attacks have seen victims sent a questionnaire loaded with malware.

Rapid7 isn't sure how the gang is deploying its latest attack, but believes the payload includes poisoned Microsoft Compiled HTML Help (CHM) files along with ISO, VHD, ZIP and RAR files.
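For defenders screening inbound attachments, the following added example (not code from Rapid7 or from this article) identifies the file types named above by their content signatures rather than their extensions, and looks inside ZIP archives for CHM members. The function names, the size and nesting caps, and the sample archive are assumptions made for illustration.

```python
import io
import zipfile
MAX_MEMBER = 50 * 1024 * 1024  # assumed cap on a member's declared size
MAX_DEPTH = 3                  # assumed cap on nested ZIP levels
PREFIXES = ((b"ITSF", "chm"), (b"PK\x03\x04", "zip"), (b"Rar!\x1a\x07", "rar"))

def classify(data: bytes) -> str:
    """Identify the formats named in the article by content, not extension."""
    for magic, kind in PREFIXES:
        if data.startswith(magic):
            return kind
    if data[0x8001:0x8006] == b"CD001":             # ISO 9660 volume descriptor
        return "iso"
    if b"conectix" in (data[:8], data[-512:-504]):  # VHD footer cookie
        return "vhd"
    return "other"

def triage(name: str, data: bytes, depth: int = 0) -> list[str]:
    """Return findings for one attachment, descending into ZIP members."""
    kind = classify(data)
    if kind == "chm":
        return [f"{name}: CHM content"]
    if kind in ("rar", "iso", "vhd"):
        return [f"{name}: {kind.upper()} container, unpack in a sandbox"]
    if kind != "zip":
        return []
    if depth >= MAX_DEPTH:
        return [f"{name}: ZIP nesting too deep, not inspected"]
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}!{info.filename}"
                if info.flag_bits & 0x1:            # encrypted member
                    findings.append(f"{member}: encrypted, not inspected")
                elif info.file_size > MAX_MEMBER:
                    findings.append(f"{member}: too large, not inspected")
                elif not info.is_dir():
                    findings += triage(member, zf.read(info), depth + 1)
    except (zipfile.BadZipFile, NotImplementedError, RuntimeError):
        findings.append(f"{name}: unreadable ZIP")
    return findings

def build_sample() -> bytes:
    """Constructed sample: ZIP with a fake CHM header under a .txt name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("survey.txt", b"ITSF" + b"\x00" * 92)
    return buf.getvalue()
```

Calling `triage("mail.zip", build_sample())` reports the renamed CHM member, which an extension-based filter would miss.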
