Tracking Kimsuky: North Korean Espionage Operations in GCA’s AIDE
2025-09-03 • Global Cyber Alliance
GCA's AIDE sensor network observed suspicious activity aligned with Kimsuky operations from January 2023 through August 2025, including a legacy Internet Explorer 11 user-agent previously documented in Kimsuky advisories. The telemetry showed Kimsuky-attributed reconnaissance using globally distributed hosting infrastructure, with high volumes from Panama and the United States as well as cloud, telecom, and hosting providers across multiple continents. AIDE also recorded repeated `babyshark` and `appleseed` login attempts, which GCA links to Kimsuky-associated malware families used for profiling, credential theft, persistence, and exfiltration. GCA assesses that the breadth of probing against Asia-Pacific-facing sensors suggests ongoing reconnaissance that could support broader DPRK cyber operations.