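North Korea's Reconnaissance General Bureau hacking organization targets defense and security experts by impersonating a South Korean think tank!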

2021-11-09 ESTSecurity North Korea's Reconnaissance General Bureau hacking organization targets national defense and security experts by impersonating a South Korean think tank!

https://blog.alyac.co.kr/4255


ESRC describes a spear-phishing campaign impersonating a South Korean think-tank workshop to target defense and national-security experts with a malicious DOCX file. The lure exploited MSHTML remote-code-execution vulnerability CVE-2021-40444, allowing an ActiveX control to install additional malware when opened on an unpatched Microsoft Office system. ESRC assesses the activity as an extension of the Fake Striker APT campaign and links it to a hacking organization associated with North Korea’s Reconnaissance General Bureau. The report highlights the attackers’ rapid operational use of CVE-2021-40444 after public disclosure and notes earlier use of CVE-2020-9715 in related document attacks.
