APT Attack Disguised as a Paper on the Russia-North Korea Partnership (Kimsuky)

2024-09-06 Ahnlab Kimsuky APT attack disguised as a paper on Russia and North Korea partnership

https://asec.ahnlab.com/ko/83026/

AhnLab reports a Kimsuky APT campaign targeting domestic users with decoy Word documents themed around Russia and North Korea relations. The attacker used a GitHub repository to host multiple malicious scripts and benign decoy files, with the scripts ultimately stealing user information. The source also notes Run key persistence and additional file attribute and permission changes to support more refined intrusion activity.

Indicators of Compromise

Type Value First Seen Last Seen
HASH ac68dad3114c469c5d1e81f9dbc59eb0 2024-09-06 2024-09-06
HASH b0e7a8fa1eb5690e7e42fb09c9ee6307 2024-09-06 2024-09-06
HASH e5288ab0f625e498e27178b0d17329f9 2024-09-06 2024-09-06
