Suspected DPRK Phishing Campaign Targets Naver; Separate Apple Domain Spoofing Cluster Identified
ID: 29166c52-2969-5e77-b19f-e3699ef03f19
STIX ID: report--29166c52-2969-5e77-b19f-e3699ef03f19
Feed Name: Hunt.io Blog
Hunt researchers uncovered an exposed server hosting phishing pages that impersonate Naver and appear designed to steal credentials and track visitors. They also identified a separate cluster of servers and domains spoofing Apple that use frequently rotated Let's Encrypt certificates. The report provides technical analysis, observables (IPs, domains, certificate SHA-256 hashes), and hosting/ASN details, and assesses likely ties to DPRK-affiliated actors based on tactics and infrastructure.
