ESRC reported a mass phishing campaign using malicious Word documents named around anxiety-inducing themes such as quarantine-rule police attendance notices and emergency relief application forms. The emails attempted to persuade recipients to enable Office macros, after which the document contacted attacker-controlled C2 infrastructure and installed additional malware. The malware collected host details including username, antivirus product, operating system, and system version, giving attackers reconnaissance data for follow-on activity. ESRC assessed the activity as an extension of a previously reported KRNIC-impersonation campaign and noted detections including Trojan.Downloader.DOC.Gen and Trojan.Agent variants.