Beware of malware distributed under the guise of academic paper files (Kimsuky group)
2025-06-11 • AhnLab • Cyber threat report on Kimsuky
ASEC links a Kimsuky campaign to phishing emails sent to professors under the guise of academic paper review requests, carrying password-protected HWP documents with malicious OLE objects. Opening the document writes staged files to %TEMP%, and a hyperlink labelled "more" runs peice.bat, which drops a decoy HWP file, registers a scheduled task, and copies cool.exe, cool.exe.manifest, and template.ps1 into the Public Music folder. When the scheduled task runs, cool.exe reads Base64-encoded VBScript from its manifest, launches template.ps1, collects process and antivirus information, exfiltrates it to Dropbox, and attempts to retrieve follow-on batch files. A related sample downloads files intended to install and hide AnyDesk through scheduled execution, configuration replacement, and PowerShell that suppresses visible windows and tray indicators. The campaign shows Kimsuky blending work-themed lures, legitimate remote-access tooling, cloud storage, and persistence to increase its chances of stealthy access.
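The execution chain above maps onto a handful of host-telemetry checks. As an added example that is not part of the ASEC report, the following Python applies four such rules to constructed Sysmon-style events; the viewer process name Hwp.exe, the event field names and the Dropbox API hostnames are assumptions, not values taken from the report.

```python
import re

# Constructed, Sysmon-style events modelling the chain in the report: the HWP viewer
# (assumed process name Hwp.exe) runs peice.bat from %TEMP%, a task is registered for
# cool.exe under Public Music, cool.exe starts template.ps1 hidden, PowerShell hits Dropbox.
SAMPLE_EVENTS = [
    {"type": "process", "parent": r"C:\Program Files\Hnc\Office\Hwp.exe",
     "image": r"C:\Users\prof\AppData\Local\Temp\peice.bat", "cmdline": "peice.bat"},
    {"type": "process", "parent": r"C:\Windows\System32\cmd.exe", "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks /create /tn Update /tr "C:\Users\Public\Music\cool.exe" /sc minute'},
    {"type": "process", "parent": r"C:\Users\Public\Music\cool.exe", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell -WindowStyle Hidden -File C:\Users\Public\Music\template.ps1"},
    {"type": "network", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest": "content.dropboxapi.com:443"},
    {"type": "process", "parent": r"C:\Windows\explorer.exe",  # benign control event
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]

PUBLIC_MUSIC = re.compile(r"\\Users\\Public\\Music\\", re.I)  # staging folder named in the report
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.I)       # a normal user's %TEMP%
DROPBOX_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com"}  # public API hosts, assumed, not from the report


def match_rules(ev):
    hits, image = [], ev["image"].lower()
    if ev["type"] == "process":
        parent, cmd = ev.get("parent", "").lower(), ev.get("cmdline", "")
        # R1: the document viewer spawning an executable or script out of %TEMP%
        if parent.endswith("\\hwp.exe") and TEMP_DIR.search(image) \
                and image.endswith((".exe", ".bat", ".ps1", ".vbs")):
            hits.append("viewer_spawns_temp_script")
        # R2: a scheduled task whose action lives in the world-writable Public Music folder
        if image.endswith("schtasks.exe") and "/create" in cmd.lower() and PUBLIC_MUSIC.search(cmd):
            hits.append("schtask_from_public_music")
        # R3: hidden-window PowerShell running a script from Public Music
        if image.endswith("powershell.exe") and PUBLIC_MUSIC.search(cmd) \
                and re.search(r"-w(?:indowstyle)?\s+hidden", cmd, re.I):
            hits.append("hidden_ps_from_public_music")
    elif ev["type"] == "network":
        # R4: PowerShell itself connecting to the Dropbox API (the exfiltration channel)
        host = ev["dest"].rsplit(":", 1)[0].lower()
        if image.endswith("powershell.exe") and host in DROPBOX_HOSTS:
            hits.append("powershell_to_dropbox")
    return hits


def triage(events):
    # Map each rule that fired to the indexes of the events that triggered it.
    report = {}
    for i, ev in enumerate(events):
        for rule in match_rules(ev):
            report.setdefault(rule, []).append(i)
    return report
```

Each rule fires on a different stage of the chain, so a host where several fire in sequence is a much stronger signal than any single hit.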