North Korean hacker organization is attacking by impersonating a large domestic portal cloud service

2022-08-08 ESTSecurity

https://blog.alyac.co.kr/4869


ESRC reported a North Korea-linked phishing campaign impersonating a major South Korean portal's cloud file-sharing invitation service. The targets were mainly experts and journalists working on North Korea-related issues, and the lure referenced North Korean nuclear development and U.S.-North Korea relations while spoofing a former intelligence official as the file sharer. Clicking the invitation button redirected victims to phishing infrastructure including share.myboxes.navers[.]tech and view.boxfile[.]click to steal account passwords. ESRC attributed the activity to the KGH group linked to North Korea's Reconnaissance General Bureau, noting overlaps with earlier NFT reward and health-check certificate lures and warning that the same actors also use malicious DOC and HWP documents.
