Malicious Word Document Targeting Specific Individuals Related to North Korea

2022-08-19 AhnLab Malicious Word document targeting specific people related to North Korea

https://asec.ahnlab.com/ko/37879/

AhnLab reports malicious Word documents targeting individuals connected to North Korea and security affairs, with filenames crafted around unification, Korean Peninsula security, and named experts. The documents contain VBA macros matching a Kimsuky Word-document pattern and use PowerShell to download scripts from vjdif.mypressonline[.]com. The scripts collect host and process information, write data to %APPDATA%\Ahnalb\Ahnlab.hwp, exfiltrate it to post.php, establish persistence through a Startup shortcut, weaken Office macro warning settings, and log keystrokes. Listed detections include Downloader/DOC.Kimsuky and Trojan/PowerShell.FileUpload, with IOCs including 6f9c20f8f7f28a732b0853929a06b79c and ng.txt, ng.down, and post.php URLs.

Indicators of Compromise

Type Value First Seen Last Seen
HASH 6f9c20f8f7f28a732b0853929a06b79c 2022-08-19 2022-08-19
URL http://vjdif.mypressonline.com/… 2022-08-19 2022-08-19
URL http://vjdif.mypressonline.com/… 2022-08-19 2022-08-19
URL http://vjdif.mypressonline.com/… 2022-08-19 2022-08-19
DOMAIN vjdif.mypressonline.com 2022-08-19 2022-08-19
