The APT-Q-12 group, also known as Pseudo Hunter, is a Northeast Asian threat actor linked to Darkhotel, which primarily targets East Asian countries, including China, North Korea, Japan, and South Korea.  They employ sophisticated techniques to infiltrate systems and steal sensitive data by use of various plug-ins, such as Durain and Peach, demonstrating their adaptability and ability to tailor their attacks to specific targets. uploads all the documents APT-Q-12 employs sophisticated email probes to gather information about potential victims, including their email platforms, devices, and office software.  By embedding malicious content in emails disguised as advertisements or subscriptions, the attackers capture user-agent information to identify email brands and platforms.  To differentiate between WPS and Word, they utilize web control objects in mhtml files and template injection techniques and the collected information is shared among APT groups in Northeast Asia to facilitate targeted zero-day attacks.

Source: GBHackers