Beware of Kimsuky APT attack disguised as an "Interview on the COVID-19 Situation in North Korea" document!
2020-05-29 • ESTSecurity
ESRC attributed a malicious Word document named "My Interview on COVID-19 with NCNK.doc" to Kimsuky based on techniques and characteristics matching the Smoke Screen campaign. The lure copied content from the National Committee on North Korea about COVID-19 conditions and NGO support, then presented a fake protected-document screen to persuade the recipient to enable macros. If macros were enabled, the document contacted an attacker-controlled server, registered a scheduled task under a OneDrive name, and repeatedly reached out every three minutes to a compromised Korean education-sector server. Successful C2 communication triggered staged PHP commands associated with Smoke Screen, enabling covert host information theft and potential follow-on RAT deployment. The activity matters for DPRK-focused defenders because it shows Kimsuky using COVID-19 themes and malicious DOC files against people working on North Korea-related issues.
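A defender-side check for the persistence behaviour described above, as an added example that is not taken from the ESRC report: it reviews Task Scheduler XML for tasks that carry a OneDrive name but launch a non-OneDrive binary or repeat at a beacon-like interval. The binary allowlist, the 300-second threshold, the task names and both sample XML documents are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS_URI = "http://schemas.microsoft.com/windows/2004/02/mit/task"
# Assumption: binaries a genuine OneDrive task is expected to launch; tune per fleet.
LEGIT_ONEDRIVE_BINARIES = {"onedrive.exe", "onedrivestandaloneupdater.exe"}
MAX_BEACON_SECONDS = 300  # assumption: a repetition this short is beacon-like

def interval_seconds(iso):
    """Convert an ISO 8601 duration such as PT3M or P1D into seconds."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", iso or "")
    if not m or not any(m.groups()):
        return None
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s

def review_task(name, task_xml):
    """Return the reasons a OneDrive-named task looks like a masquerade."""
    if "onedrive" not in name.lower():
        return []
    root = ET.fromstring(task_xml)
    reasons = []
    for cmd in root.iter(f"{{{NS_URI}}}Command"):
        path = (cmd.text or "").strip().strip('"')
        exe = re.split(r"[\\/]", path)[-1].lower()
        if exe not in LEGIT_ONEDRIVE_BINARIES:
            reasons.append(f"unexpected binary: {exe}")
    for iv in root.iter(f"{{{NS_URI}}}Interval"):
        secs = interval_seconds((iv.text or "").strip())
        if secs is not None and secs <= MAX_BEACON_SECONDS:
            reasons.append(f"short repetition: {secs}s")
    return reasons

# Constructed, minimal task definitions (not captured from the real sample).
TEMPLATE = (
    '<Task xmlns="{ns}"><Triggers><TimeTrigger><Repetition><Interval>{iv}</Interval>'
    '</Repetition></TimeTrigger></Triggers><Actions><Exec><Command>{cmd}</Command>'
    '</Exec></Actions></Task>'
)
SUSPECT_XML = TEMPLATE.format(ns=NS_URI, iv="PT3M",
                              cmd=r"C:\Users\Public\placeholder.exe")
LEGIT_XML = TEMPLATE.format(ns=NS_URI, iv="P1D",
    cmd=r"%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe")

if __name__ == "__main__":
    for name, xml in [("OneDrive Update", SUSPECT_XML),
                      ("OneDrive Standalone Update Task", LEGIT_XML)]:
        print(name, "->", review_task(name, xml) or "no findings")
```

Task XML exported from a Windows host is typically UTF-16 with an XML declaration, so pass it to `ET.fromstring` as bytes rather than as a decoded string.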