Phishing email, suspected to be from Kimsuky, impersonating a Gukmin Biseo (국민비서) National Police Agency notice (2025.4.9)
2025-06-19 • Sakai • Cyber threat report on Kimsuky, Phishing
The Korean analysis examines a phishing email suspected to be linked to Kimsuky that impersonates Naver’s electronic document service and a Korean National Police Agency notice. The message was sent from [email protected] through 89.221.237.155 in Moscow and directed recipients to p-doc.docpolice.p-e.kr, a domain unrelated to Naver. The lure embeds a legitimate Naver login URL inside a parameter to create redirection confusion, but the click path leads to a fake login page intended to steal Naver credentials. The recipient’s Naver address is included in the URL, indicating individualized targeting of Korean users rather than a generic mass-phishing link.
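A mail-gateway style check for the lure pattern described above, as an added example that is not part of the original report: it flags links whose real host is not Naver but whose query string carries a Naver URL or a Naver mailbox address. Only the host `p-doc.docpolice.p-e.kr` comes from the report; the path, parameter names, recipient address and the `nid.naver.com` login URL in the samples are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: domains treated as the genuine brand; extend for your environment.
BRAND_SUFFIXES = ("naver.com",)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def is_brand_host(host):
    """True only for the brand domain or its subdomains (not look-alikes)."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in BRAND_SUFFIXES)


def analyze_link(url):
    """Return findings for one link extracted from a mail body."""
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError:
        return ["unparseable URL"]
    if is_brand_host(host):
        return []  # the click really lands on the brand; nothing to flag
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = unquote(value)  # parse_qsl decoded once; this catches double encoding
        try:
            inner = urlsplit(value)
            inner_host = inner.hostname if inner.scheme in ("http", "https") else None
        except ValueError:
            inner_host = None
        if is_brand_host(inner_host):
            findings.append(f"brand URL in parameter '{name}' on non-brand host {host}")
        match = EMAIL_RE.search(value)
        if match and is_brand_host(match.group(1)):
            findings.append(f"brand mailbox address in parameter '{name}'")
    return findings


# Constructed samples: only the phishing host name is taken from the report.
SAMPLES = [
    "https://p-doc.docpolice.p-e.kr/view?url=https%3A%2F%2Fnid.naver.com%2Fnidlogin.login&m=user%40naver.com",
    "https://nid.naver.com/nidlogin.login?url=https%3A%2F%2Fmail.naver.com%2F",
    "https://p-doc.docpolice.p-e.kr/index",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", analyze_link(sample) or "no findings")
```

A link that trips both findings combines a brand URL used as decoration with a per-recipient identifier, which is the individualized-targeting signal the report describes.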
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | p-e.kr | 2021-12-21 | 2026-06-01 |
| EMAIL | [email protected] | 2025-06-19 | 2025-06-19 |
| DOMAIN | p-doc.docpolice.p-e.kr | 2025-06-19 | 2025-06-19 |
| IPv4 | 89.221.237.155 | 2025-06-19 | 2025-06-19 |