The report documents a Kimsuky-attributed phishing site impersonating Yonsei University webmail at rfa.lol/yonsei, with visual elements and contact details intended to make the fake login page appear legitimate. Captured request details show submitted usernames and passwords being sent with standard form encoding, followed by scripted login-failure messaging to keep victims engaged. The campaign demonstrates credential-harvesting tradecraft against Korean academic or policy-adjacent targets and uses an RFA-themed domain path to add topical credibility.