ESRC reports a North Korea-linked phishing campaign that impersonated South Korea’s Korea National Diplomatic Academy and abused Google Forms as a lure. The attackers used diplomatic or policy-themed content to persuade targets to open a fake survey or document workflow, then directed them toward credential-harvesting infrastructure. The campaign fits the broader pattern of North Korean social-engineering operations against foreign-policy, security, and academic personnel. ESRC recommends careful URL verification and caution with survey or document links received from unexpected senders.