Suspected Kimsuky malware impersonating the Military Attaché Office of the Embassy of the People's Republic of China in Korea, targeting a professor in the Department of Security Policy at Korea National Defense University

2025-09-24 Sakai Kimsuky-themed malware analysis report

https://wezard4u.tistory.com/429603


A Korean-language analysis attributes a malicious LNK lure to suspected Kimsuky activity targeting a professor in the Department of Security Policy at Korea National Defense University. The lure impersonated the Military Attaché Office of the Chinese Embassy in South Korea and dropped a decoy HWP invitation to a Chinese National Day reception while running hidden PowerShell. The script extracted the embedded HWP, deleted the original LNK, relied on Base64 and string-splitting obfuscation, attempted to terminate archive and analysis tools such as Bandizip, WinRAR, and 7zFM, and fetched a remote script from raw.githubusercontent.com under the aeufff repositories. The activity matters because it combines a defense-policy academic target, plausible diplomatic event content, GitHub-hosted payload retrieval, and anti-analysis behavior consistent with targeted espionage tradecraft.

Indicators of Compromise

Type   Value                              First Seen   Last Seen
HASH   25f648c7d0d4867bd3635cbb8099582…   2025-09-24   2025-09-24
HASH   74e10df9726c953692fefc468b724c7…   2025-09-24   2025-09-24
HASH   55fc6e5127e9409d10f57f7e5abca50b   2025-09-24   2025-09-24
