Malware Attack by the North Korean Hacking Group Kimsuky Targeting the Korea Defense Industry Association - Korea Defense Industry Association Defense Industry Digital Innovation Seminar Plan (2025.1.12)

2025-01-15 Sakai

https://wezard4u.tistory.com/429383

The Korean-language source attributes a malicious HWP lure targeting the Korea Association of Defense Industry Studies to Kimsuky. The attack begins with an email about a defense-industry digital innovation seminar and includes an HWP attachment that waits at a password prompt before executing malicious behavior. After execution, the document chain renames and opens a decoy PDF, copies files through the temporary directory, writes executables and manifests under AppData, and creates scheduled tasks named TemporaryStatescleanesdfrs and TemporaryStatescleansders_1 for persistence. The excerpt provides hashes for the HWP sample and notes detections such as Trojan/HWP.Agent and Exploit.HWP.Agent, making it relevant to defenders monitoring DPRK targeting of South Korean defense-sector organizations.

Indicators of Compromise

| Type | Value | First Seen | Last Seen |
|------|-------|------------|-----------|
| HASH | 63a119714f01d9ff57c51614c9727f84 | 2025-01-15 | 2026-01-14 |
| DOMAIN | hvil-telegram.org | 2025-01-15 | 2025-01-24 |
| HASH | d7367d9cc84d794ff73e90dd3cc936b… | 2025-01-15 | 2025-01-15 |
| HASH | aa59e1d70ce58c5882b5890d86e63a3… | 2025-01-15 | 2025-01-15 |
