The Korean analysis describes a Kimsuky-attributed campaign using a RAR archive themed as a South Korean National Tax Service notice for VAT-exempt business status reporting. Inside the archive, a very large LNK file masquerading as an HWP tax-audit notice launches hidden PowerShell that decodes embedded hexadecimal script content, extracts payload data from the oversized shortcut, writes files into public/documents paths, and starts a VBS script. The source provides hashes for the archive and LNK and places the activity in Kimsuky’s broader espionage targeting of South Korean policy, defense, diplomacy, defector, and related organizations.