ESRC reported a North Korea-linked phishing operation targeting personnel who work on North Korea-related issues. The emails impersonated Kakao security notifications about an overseas login and directed victims to a carefully built phishing page that imitated Kakao login, QR login, and policy menus. Submitted credentials were Base64-encoded and sent to the attacker’s server, and ESRC linked the infrastructure to earlier Smoke Screen activity against diplomacy and security-related targets. The report highlights continued DPRK-aligned credential theft using Korean-language social engineering and Kakao-themed infrastructure such as accountsosi[.]kakaocop[.]eu.