Beware of Spear Phishing by North Korea's Kimsuky Group Disguised as a Policy Advisory Request!
2024-03-12 • ESTSecurity
ESTsecurity ESRC reports a Kimsuky spear-phishing campaign that impersonated a private policy researcher in South Korea's diplomacy and security community. The email targeted a person at a national defense-related organization with a policy-advisory request and a supposed large HWP attachment download. The lure led to a Naver-themed phishing site at a lookalike domain, where submitted credentials were sent to the attacker before the victim received the real HWP file. Hidden form fields carried a base64-encoded target ID and attachment URL, supporting ESRC's attribution to Kimsuky activity against defense, unification, North Korea, diplomacy, and security targets.
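For triage of a saved copy of such a login page, the following added example (not code from ESRC's report) extracts hidden form fields and decodes any that hold base64-encoded text, which is how the target ID and attachment URL described above would surface. The field names `uid`, `dl`, `locale` and `mode` and all sample values are constructed for illustration.

```python
import base64
import binascii
from html.parser import HTMLParser

# Constructed sample values; none of these come from the real phishing page.
TARGET_ID = "target@example.org"
ATTACHMENT_URL = "https://files.example/advisory.hwp"

def _enc(text):
    return base64.b64encode(text.encode()).decode()

# Constructed stand-in for a captured credential form (hypothetical field names).
SAMPLE_HTML = f"""
<form method="post" action="/login">
  <input type="text" name="id"><input type="password" name="pw">
  <input type="hidden" name="uid" value="{_enc(TARGET_ID)}">
  <input type="hidden" name="dl" value="{_enc(ATTACHMENT_URL)}">
  <input type="hidden" name="locale" value="ko_KR">
  <input type="hidden" name="mode" value="true">
</form>
"""

class HiddenFields(HTMLParser):
    """Collects name/value pairs of <input type="hidden"> elements."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.fields[a.get("name") or ""] = a.get("value") or ""

def try_b64_text(value):
    """Return decoded text if value is strict base64 of printable UTF-8, else None."""
    if not value:
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # not base64, or decodes to binary noise (e.g. "true")
    return text if text.isprintable() else None

def decode_hidden_fields(html):
    """Map hidden-field name -> decoded text for fields carrying base64 text."""
    parser = HiddenFields()
    parser.feed(html)
    decoded = {n: try_b64_text(v) for n, v in parser.fields.items()}
    return {n: t for n, t in decoded.items() if t is not None}

if __name__ == "__main__":
    for name, text in decode_hidden_fields(SAMPLE_HTML).items():
        print(f"{name}: {text}")
```

A decoded recipient address in a hidden field shows the page was generated per target, which helps scope who in the organization received the lure.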
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| URL | https://nid.naveer.p-e.kr/loadi… | 2024-03-12 | 2024-03-12 |
| DOMAIN | naveer.p-e.kr | 2024-03-12 | 2024-03-12 |
| DOMAIN | nid.naveer.p-e.kr | 2024-03-12 | 2024-03-12 |