Attack Activity by the Kimsuky Attack Group Targeting Japanese Organizations
2024-07-08 • JPCERT • Kimsuky attack activity targeting Japanese organizations
JPCERT/CC's Japanese-language report describes Kimsuky activity observed in March 2024 against Japanese organizations, delivered by spear-phishing emails that impersonated security and diplomatic entities. The attached archive hid an executable behind a double extension padded with a long run of spaces, placed alongside decoy DOCX files, so that victims would open the EXE believing it to be a document. The infection chain then fetched VBS and PowerShell scripts via wscript.exe, set Run-key persistence for C:\Users\Public\Pictures\desktop.ini.bak, collected host information and user-folder listings for environment checks, and finally deployed a PowerShell keylogger that stored keystrokes and clipboard contents under C:\Users\Public\Music\desktop.ini.bak before exfiltration. JPCERT/CC attributes the case to Kimsuky because the VBS and PowerShell tradecraft matches activity previously reported against South Korean organizations.
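A small triage helper, added here as an example and not code from the JPCERT/CC report, that flags archive members whose names hide an executable extension behind a decoy document extension and a long run of spaces, and that scans log or registry-export lines for the two desktop.ini.bak paths the report names. The archive listing and log lines below are constructed; the extension lists and the 8-space threshold are assumptions.

```python
import re

# Assumed sets: decoy document extensions a lure would carry, and executable
# extensions an attacker would hide behind the padding.
DOC_EXT = {"doc", "docx", "pdf", "xls", "xlsx", "hwp", "txt"}
EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}

# Paths named in the report: Run-key persistence target and keylogger output.
REPORT_PATHS = (
    r"c:\users\public\pictures\desktop.ini.bak",
    r"c:\users\public\music\desktop.ini.bak",
)

# Regex: <anything>.<decoy ext><whitespace run>.<real ext>, matched over the whole name.
_PADDED = re.compile(r".*\.(\w+)(\s+)\.(\w+)", re.IGNORECASE)


def padded_double_extension(name, min_pad=8):
    """True when a name looks like 'report.docx<many spaces>.exe'."""
    m = _PADDED.fullmatch(name)
    if not m:
        return False
    decoy, pad, real = m.group(1).lower(), m.group(2), m.group(3).lower()
    return decoy in DOC_EXT and real in EXEC_EXT and len(pad) >= min_pad


def triage_archive(members):
    """Return archive member names that use the padded double-extension trick."""
    return [n for n in members if padded_double_extension(n)]


def scan_for_report_paths(lines):
    """Return lines (logs, reg exports) that mention either desktop.ini.bak path."""
    return [ln for ln in lines if any(p in ln.lower() for p in REPORT_PATHS)]


# Constructed sample archive listing: two genuine decoys and one padded EXE.
SAMPLE_ARCHIVE = [
    "security_notice.docx",
    "meeting_schedule.docx",
    "incident_report.docx" + " " * 40 + ".exe",
]

# Constructed sample lines in the style of a registry export and a process log.
SAMPLE_LOG = [
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run  Update  REG_SZ  wscript.exe C:\Users\Public\Pictures\desktop.ini.bak",
    r"powershell.exe -w hidden -File C:\Users\Public\Music\desktop.ini.bak",
    r"explorer.exe C:\Users\alice\Documents",
]

if __name__ == "__main__":
    print(triage_archive(SAMPLE_ARCHIVE))
    print(scan_for_report_paths(SAMPLE_LOG))
```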