Kimsuky Group Carries Out APT Attack by Impersonating the Cyber Security Bureau's Cryptocurrency Complaint Guide
2019-05-28 • ESTSecurity
ESRC reports a spear-phishing attack impersonating South Korea's cyber police and assesses that Kimsuky was involved. The email was crafted to resemble a civil complaint response and attempted to convince the recipient that police were sending a computer inspection program. The attached archive contained a malicious executable that used encoded resource data and VMProtect packing, then collected victim information and covertly sent it to an attacker-controlled Hanmail account. The excerpt warns that state-sponsored threat groups are increasingly involved not only in espionage but also in attacks suspected of supporting foreign-currency generation, particularly around cryptocurrency-related activity.