AhnLab reports a Kimsuky-linked spearphishing case that used lecture-request lures with HWP documents and MSC files to download additional malicious components. The source says the malware stores attacker-controlled scripts on the victim PC for repeated execution, enabling possible data theft or follow-on payload delivery. It also notes infrastructure patterns similar to a previous Kimsuky batch-file campaign and describes the use of Google Drive file titles to carry encoded malicious commands.