A large-scale cyber attack targeting defense and security workers detected!

2023-08-02 ESTSecurity

https://alyacofficialblog.tistory.com/5215

ESRC reported an active phishing campaign aimed at South Korean defense and security personnel. The lure email posed as a security alert about repeated authentication requests, used image-loading code to confirm whether recipients viewed the message, and presented a fake attachment area that redirected users through an external form. Investigation of the attacker server found a Ministry of National Defense mail-login phishing page at mail.mndgo.kr:8443 and about 20 defense- or security-themed PDF decoys, suggesting multiple targets or planned targets. The assessed objective was credential theft against accounts used by defense and security-sector personnel.

Indicators of Compromise

Type   Value            First Seen   Last Seen
IPv4   121.133.158.52   2023-08-02   2023-08-02