ESRC warns that Thallium used malicious documents themed around North Korean denuclearization and a constitutional academic forum as spear-phishing lures ahead of the U.S.–South Korea summit. The source says the lures targeted people working on diplomacy, security, defense, unification, and North Korea issues, and framed the activity as part of Thallium campaigns including Smoke Screen, Blue Estimate, and Fake Striker. The report notes the group’s broader use of spear phishing, supply-chain attacks, Android and macOS malware, and North Korean language or font artifacts in prior operations. ALYac detections for the samples include Trojan.Downloader.DOC.Gen, Trojan.Downloader.Script.gen, and Trojan.Agent.111616K.