Signs of Targeted Attacks Against North Korea-Related Figures in Korea Detected
2017-08-31 • Hauri
http://www.hauri.co.kr/security/issue_view.html?intSeq=325&page=2&article_num=259
Hauri reported a targeted malware campaign aimed at a university political science professor, using a lure document tailored to the recipient. The attacker sent a large-file transfer link rather than a normal attachment, so the victim downloaded a malicious Hangul (HWP) document from a legitimate mail server. This reduced the file's exposure to antivirus scanning, and the link's expiry window limited later sample collection. The malicious HWP file contained shellcode and used heap-spray exploit techniques to download additional malware. Hauri assessed that the file was likely made by the same author behind earlier malware distributed against domestic Korean targets, but the excerpt does not name a specific actor.