North Korea-linked hacking organization is attacking by impersonating COVID-19 vaccination electronic documents

2022-01-28 ESTSecurity

https://blog.alyac.co.kr/4461

ESRC reported a North Korea-linked phishing campaign that impersonated South Korea’s Central Disease Control Headquarters with emails about COVID-19 booster-shot adverse reaction monitoring. The activity targeted experts in specific fields and used a fake “confirm” button to redirect victims to a phishing page disguised as a Naver login screen. Credentials entered into the spoofed page were sent to attacker infrastructure, after which victims were redirected to a fake Naver electronic document page to reduce suspicion. That page presented a COVID-19 booster plan document and, when clicked, downloaded a PDF named as adverse reaction monitoring status. ESRC attributed the activity to a North Korea-linked hacking organization based on its analysis of the attack flow, techniques, domains, and indicators, including invoice.naver.cn.com.
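A defender-side check for the kind of lookalike host named in the report (invoice.naver.cn.com), added here as an example and not taken from ESRC's analysis: it flags hostnames that carry the brand label but are not under the legitimate domain. The allowlist (naver.com only), the log format and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the organisation treats as genuinely Naver-owned.
LEGIT_DOMAINS = ("naver.com",)
BRAND = "naver"

def hostname_of(url):
    """Return the lower-cased hostname, ignoring userinfo, port and trailing dot."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return host.rstrip(".").lower()

def is_brand_lookalike(url, brand=BRAND, legit=LEGIT_DOMAINS):
    """True when the brand appears in a hostname label but the host is not
    the legitimate domain or one of its subdomains."""
    host = hostname_of(url)
    if not host:
        return False
    if any(host == d or host.endswith("." + d) for d in legit):
        return False
    return any(brand in label for label in host.split("."))

def flag_proxy_lines(lines):
    """Return (user, host) pairs for log lines of the assumed form
    '<timestamp> <user> <method> <url>' whose URL host is a lookalike."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip rather than crash
        if is_brand_lookalike(parts[3]):
            hits.append((parts[1], hostname_of(parts[3])))
    return hits

# Constructed sample lines; only the host invoice.naver.cn.com is from the report.
SAMPLE = [
    "2022-01-27T09:12:01 user1 GET https://nid.naver.com/",
    "2022-01-27T09:12:44 user2 GET https://invoice.naver.cn.com/",
    "2022-01-27T09:13:10 user3 GET https://www.naver.com@invoice.naver.cn.com/",
    "2022-01-27T09:14:02 user4 GET https://example.org/naver.com/index.html",
    "truncated-line",
]

if __name__ == "__main__":
    for user, host in flag_proxy_lines(SAMPLE):
        print(f"lookalike host {host} visited by {user}")
```

The third sample line shows why the check parses the URL instead of matching substrings: the text before `@` is userinfo, so the real destination is the lookalike host.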
