Analysis of a Kimsuky-made phishing email posing as a rights-protection notice, "We are writing to inform you that the post you wrote has been suspended" (2025.4.1)

2025-06-16 Sakai Analysis of a Kimsuky Phishing Email Disguised as a False Rights Protection Notice for a Suspended Post (2025.4.1)

http://wezard4u.tistory.com/429512

Kimsuky is linked to a phishing email impersonating Naver's takedown-request service, telling the recipient that a blog post had been suspended for an alleged rights violation. The lure appears to target users writing about cryptocurrency by pushing them from a fake rights-protection notice toward a Naver-looking login flow with malicious redirection after authentication. The excerpt identifies invoicegroup.64bit.kr and IP address 158.247.242.169 as infrastructure associated by the author with APT43/Kimsuky. The activity matters because it uses familiar South Korean platform notifications and copyright/legal language to harvest credentials from crypto-adjacent victims.

Indicators of Compromise

| Type | Value | First Seen | Last Seen |
|------|-------|------------|-----------|
| URL | http://myblog.invoicegroup.64bi… | 2025-06-16 | 2025-06-16 |
| DOMAIN | myblog.invoicegroup.64bit.kr | 2025-06-16 | 2025-06-16 |
| DOMAIN | invoicegroup.64bit.kr | 2025-06-16 | 2025-06-16 |
| IPv4 | 158.247.242.169 | 2025-06-16 | 2025-06-16 |
