Hauri warned that attackers impersonated a national advisory institution to send targeted malicious email to a researcher at a major Korean research organization. The lure requested a paper review and attached a 논문.zip archive containing a CHM file; opening it displayed a legitimate-looking Korean paper while an X Click-triggered script downloaded and ran temp.vbs from a malicious URL. The source frames the activity as an APT-style intrusion attempt using natural business email themes and CHM-based execution to hide infection from the victim. The advisory emphasizes that CHM malware remains a recurring delivery format against Korean organizations and recommends caution with unexpected attachments.