The report describes a North Korea-linked Kimsuky phishing site apparently aimed at Yonsei University users. The observed infrastructure used a lookalike drive-themed URL under drive-yonsei-ac-kr.bit-albania.com and attempted to mimic a Chrome or Google sign-in flow. The evidence supports treating the activity as credential-phishing infrastructure rather than a generic university-themed page.