The State of Spear-Phishing Email Attacks by North Korean Hacking Groups
2024-01-03 • Hauri • Current status of spearphishing email attacks by North Korean hacking organizations
https://hauri.co.kr/security/notice_view.html?intSeq=544&page=1
Hauri attributes a 2023 spear-phishing campaign to the North Korean Kimsuky organization, which used at least 16 mail servers and 24 impersonation accounts to reach more than 400 people in Korean and overseas institutions. Targets included research institutes, universities, professors, journalists, senior officials, and specialists in politics, diplomacy, defense, and North Korea. Operators first sent natural-looking greetings, meeting requests, advisory requests, or expert-opinion lures, then delivered malware only after victims replied; Hauri observed an average response rate near 25 percent. Payload delivery included HWP, DOC, DOCX, cloud download links, ISO archives, VBS, and HTML files, with password-protected archives and antivirus checks used to reduce detection.