An extended targeting pattern against maritime universities and diplomatic users highlights how high-trust institutions can become attractive cyber terrain even when attribution and intrusion methods remain unclear.