Concerns about damage from hacking in the name of financial transactions and reward payments
2021-05-26 • ESTSecurity
ESRC reports a surge in Thallium/Kimsuky spear-phishing activity that abuses financial-transaction and honorarium-payment themes to lure Korean targets into opening malicious Office documents. The campaign impersonated domestic banks or payment-related correspondence, used malicious DOC and XLSX attachments with macro-enable prompts, and targeted diplomacy, security, unification, and North Korea specialists during the U.S.–South Korea summit period. The source highlights trust-building email exchanges before payload delivery and North Korean linguistic artifacts such as unusual wording in the macro lure, linking the activity to the Fake Striker campaign. ALYac detections include Trojan.Downloader.XLS.gen, Trojan.Downloader.DOC.Gen, and Trojan.Agent.479654T.