Kimsuky Group Carrying Out Kakao Phishing Attacks

2023-01-13 ESTSecurity Kimsuky group conducts Kakao phishing attacks

https://blog.alyac.co.kr/5043


ESRC reports an active Kimsuky phishing campaign using urgent password-change emails that impersonate Daum and lead victims to a fake Kakao account-management login page. The messages used a lookalike sender domain, daurn.net, and embedded hidden image-loading code that could leak user information when mail clients automatically download images. Victims who entered passwords on the fake Kakao page sent credentials to attacker infrastructure, with hxxps://swumedia[.]com/recv.php? listed as a related indicator. ESRC attributed the activity to Kimsuky after analyzing multiple indicators and warned that North Korea-linked targeting continues against organizations, companies, private experts, and civic groups.
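
A detection sketch for the two delivery traits described above, the lookalike sender domain (daurn.net imitating daum.net) and hidden remote-image loading. This is an added example, not code from ESRC's report; the protected-domain list, the confusable pairs, the sample message and the tracker.example host are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands the mail gateway protects against impersonation.
PROTECTED = {"daum.net", "kakao.com"}
# Character sequences that render like another letter ("rn" looks like "m").
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]
IMG_RE = re.compile(r"<img\b[^>]*>", re.I)
SRC_RE = re.compile(r"""src\s*=\s*["'](https?://[^"']+)""", re.I)
HIDDEN_RE = re.compile(
    r"""display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*=\s*["']?[01]\b""",
    re.I)

def skeleton(domain: str) -> str:
    """Fold confusable sequences so visually similar domains collapse together."""
    d = domain.lower().rstrip(".")
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d

def lookalike_of(domain: str):
    """Return the protected domain this one imitates, or None."""
    d = domain.lower().rstrip(".")
    if d in PROTECTED:
        return None
    return next((b for b in sorted(PROTECTED) if skeleton(b) == skeleton(d)), None)

def hidden_remote_images(html: str) -> list:
    """Remote <img> URLs whose tag is styled or sized to be invisible."""
    hits = []
    for tag in IMG_RE.findall(html):
        src = SRC_RE.search(tag)
        if src and HIDDEN_RE.search(tag):
            hits.append(src.group(1))
    return hits

def analyze(raw: str) -> dict:
    """Check one single-part HTML message for both traits."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    body = msg.get_payload()
    return {"sender_domain": domain, "imitates": lookalike_of(domain),
            "hidden_images": hidden_remote_images(body if isinstance(body, str) else "")}

# Constructed sample message; tracker.example is a placeholder host.
SAMPLE = ("From: Daum <notice@daurn.net>\n"
          "Subject: [constructed] password change required\n"
          "Content-Type: text/html\n\n"
          '<p>Change your password now.</p>'
          '<img src="https://tracker.example/o.gif?id=1" width="1" height="1">')
```

Blocking automatic image download in the mail client removes the leak that the second check detects.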

Indicators of Compromise

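| Type | Value | First Seen | Last Seen |
|--------|--------------------------------|------------|------------|
| DOMAIN | daurn.net | 2023-01-13 | 2023-05-25 |
| URL | https://swumedia.com/recv.php? | 2023-01-13 | 2023-01-13 |
| URL | https://swumedia.com/recv.php | 2023-01-13 | 2023-01-13 |
| DOMAIN | swumedia.com | 2023-01-13 | 2023-01-13 |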
