Tencent Security Yushin Threat Intelligence Center said it has again observed the Hermit group continuing its APT attacks against the Korean Peninsula. Its analysis and tracing found that this round of attacks mainly focused on blockchain, digital currency and financial targets, although some attacks against diplomatic entities were also found. The technical means are similar, with certain updates, such as downloading new doc files to complete the subsequent stages of the attack and using the AMADEY family of Trojans. The ultimate goal is still to run the open-source babyface remote control Trojan. In addition, the traditional Syscon/Sandy family of backdoor Trojans is still active.