North Korean hacking group 'KIMSUKY' - attack impersonating the UN North Korea Sanctions Committee (2023.04)

2023-04-05 Somansa: North Korean hacking group 'KIMSUKY' - attack impersonating the UN North Korea Sanctions Committee (April 2023)

https://blog.naver.com/PostView.naver?blogId=best_somansa&logNo=223065761016&redirect=Dlog&widgetTypeCall=true&directAccess=false


Somansa reports a Kimsuky spear-phishing case that impersonated a UN North Korea sanctions panel report and targeted recipients with a malicious HWP document. The lure copied the format of legitimate South Korean institutional documents and presented a fake text-selection prompt; clicking the embedded image executed an OLE-dropped HancomReader.scr file. The SCR launched PowerShell and mshta, which attempted to contact attacker C2 infrastructure for command execution or additional payload delivery, although the observed C2 was blocked during analysis. The report frames the case as part of Kimsuky’s continuing South Korea-focused document-malware operations and recommends blocking untrusted attachments and maintaining EDR, network separation, and patch hygiene.
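The execution chain described above (a .scr screensaver binary launching PowerShell and mshta) can be hunted in process-creation telemetry. The following is an added example, not code from the Somansa report: it flags script hosts that descend from a .scr process, and it goes slightly beyond the reported case by walking ancestors so an intermediate shell does not hide the chain. The events are constructed; field names follow Sysmon Event ID 1, and all paths and PIDs are placeholders.

```python
import ntpath

# Script hosts the report says the dropped SCR launched.
SUSPECT_CHILDREN = {"powershell.exe", "mshta.exe"}

# Constructed process-creation events (assumed shape: Sysmon Event ID 1 fields).
SAMPLE_EVENTS = [
    {"ProcessId": 10, "ParentProcessId": 1, "Image": r"C:\placeholder\Hwp.exe"},
    {"ProcessId": 20, "ParentProcessId": 10, "Image": r"C:\placeholder\HancomReader.scr"},
    {"ProcessId": 30, "ParentProcessId": 20, "Image": r"C:\placeholder\powershell.exe"},
    {"ProcessId": 40, "ParentProcessId": 20, "Image": r"C:\placeholder\cmd.exe"},
    {"ProcessId": 50, "ParentProcessId": 40, "Image": r"C:\placeholder\mshta.exe"},
    # Benign: PowerShell whose parent is not a screensaver binary.
    {"ProcessId": 60, "ParentProcessId": 1, "Image": r"C:\placeholder\powershell.exe"},
]


def image_name(path):
    """Lower-cased file name of a Windows path, independent of host OS."""
    return ntpath.basename(path).lower()


def find_scr_chains(events):
    """Return one alert per script host that has a .scr process as an ancestor."""
    by_pid = {e["ProcessId"]: e for e in events}
    alerts = []
    for event in events:
        if image_name(event["Image"]) not in SUSPECT_CHILDREN:
            continue
        chain = [image_name(event["Image"])]
        pid, seen = event["ParentProcessId"], set()
        # Walk up the tree; 'seen' guards against loops from PID reuse.
        while pid in by_pid and pid not in seen:
            seen.add(pid)
            parent = by_pid[pid]
            chain.append(image_name(parent["Image"]))
            if chain[-1].endswith(".scr"):
                alerts.append({"pid": event["ProcessId"], "chain": chain[::-1]})
                break
            pid = parent["ParentProcessId"]
    return alerts


if __name__ == "__main__":
    for alert in find_scr_chains(SAMPLE_EVENTS):
        print(alert["pid"], " -> ".join(alert["chain"]))
```

On real telemetry, key the lookup on a process GUID rather than the PID, since PIDs are reused over the life of a host.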
