Kimsuky Group: Combined HWP, DOC, and EXE APT Attack Operation
2020-06-02 • ESTSecurity • Kimsuky group, HWP, DOC, EXE complex APT attack operation
ESRC links a Kimsuky "Smoke Screen" APT campaign to malicious DOC, HWP, and EXE lures aimed at South Korean defense, diplomacy, security, and North Korea-related organizations. The DOC lure prompts the user to enable macros, the HWP file carries PostScript with encoded shellcode, and the EXE poses as an AES256 decryptor while displaying plausible decoy content. Across the document and executable variants, the attacks create a scheduled task named "OneDrive" and repeatedly contact command-and-control paths on boaz[.]kr. Shared artifacts such as the "Robot Karll" document author and identical C2 infrastructure tie the variants together and give defenders concrete pivots for detection.
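The two pivots named above, the "OneDrive" scheduled task and contact with boaz[.]kr, can be turned into a simple log sweep. The script below is an added example, not code from ESRC's report: the log lines, their key=value layout and the C2 path are constructed placeholders (the report does not list the exact paths), so the regexes need adapting to a real SIEM's field names.

```python
import re
from typing import Dict, List, Optional

# Indicators from the report summary. "boaz[.]kr" is defanged in the write-up;
# logs carry the real hostname, so the brackets are stripped here.
C2_DOMAIN = "boaz[.]kr".replace("[.]", ".")
TASK_NAME = "OneDrive"

# Constructed sample events (not from the report); field layout is an assumption.
SAMPLE_LOGS = [
    r'TaskRegistered task="\OneDrive" creator="C:\Users\u\AppData\Local\Temp\decoy.exe"',
    r'TaskRegistered task="\Microsoft\Windows\Defrag\ScheduledDefrag" creator="C:\Windows\System32\svchost.exe"',
    "Proxy src=10.0.0.5 host=boaz.kr path=/PLACEHOLDER-C2-PATH method=POST",
    "Proxy src=10.0.0.6 host=www.boaz.kr path=/PLACEHOLDER-C2-PATH method=POST",
    "Proxy src=10.0.0.7 host=update.microsoft.com path=/ method=GET",
]

TASK_RE = re.compile(r'TaskRegistered task="(?P<task>[^"]+)" creator="(?P<creator>[^"]+)"')
PROXY_RE = re.compile(r"Proxy src=(?P<src>\S+) host=(?P<host>\S+) path=(?P<path>\S+)")


def check_task(line: str) -> Optional[Dict[str, str]]:
    """Flag a task whose leaf name is exactly 'OneDrive'; return the creator for triage."""
    m = TASK_RE.search(line)
    if not m:
        return None
    leaf = m.group("task").rsplit("\\", 1)[-1]
    if leaf.lower() != TASK_NAME.lower():
        return None
    return {"type": "scheduled_task", "task": m.group("task"), "creator": m.group("creator")}


def check_c2(line: str) -> Optional[Dict[str, str]]:
    """Flag proxy traffic to the C2 domain or any subdomain of it."""
    m = PROXY_RE.search(line)
    if not m:
        return None
    host = m.group("host").lower().rstrip(".")
    if host != C2_DOMAIN and not host.endswith("." + C2_DOMAIN):
        return None
    return {"type": "c2_contact", "src": m.group("src"), "host": host, "path": m.group("path")}


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Run both checks over a batch of log lines and collect every hit."""
    return [hit for line in lines if (hit := check_task(line) or check_c2(line))]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding)
```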