Link-based malware made by Kimsuky - Pipelines Profile (2023,01,31)

2023-06-26 Sakai Link-based malware created by Kimsuky - Pipelines Profile (2023,01,31)

https://wezard4u.tistory.com/6482


The Korean source analyzes a Kimsuky-linked LNK malware sample named “Pipelines Profile,” describing the actor’s use of link-file delivery as macro-based Office attacks became less effective. The oversized LNK launches hidden PowerShell, extracts an embedded PDF lure into the temporary directory, opens it with Microsoft Edge, and writes and executes an additional BAT payload from embedded data. The article links this tradecraft to RokRAT-style activity and notes Kimsuky targeting of South Korean think tanks, industry, nuclear-sector interests, DPRK-related organizations, defectors, former officers, diplomats, and government personnel. It provides hashes for the sample and lists multiple vendor detections for the LNK dropper/runner behavior.

Indicators of Compromise

Type Value First Seen Last Seen
HASH 85e71578ad7fea3c15095b6185b14881 2023-05-23 2023-07-13
HASH 5d3e6a8d4bd0cf68c3fc3bdf7836c12… 2023-06-26 2023-06-26
HASH 6753933cd54e4eba497c48d63c7418a… 2023-05-01 2023-06-26
