North Korean hacking group is conducting attacks using large malicious LNK files!

2023-05-18 ESTSecurity North Korean hacking organization is conducting an attack using large malicious LNK files!

https://blog.alyac.co.kr/5147


ESRC warned that a North Korea-sponsored hacking group was abusing oversized LNK files in Korean-themed attacks after earlier Fair Trade Commission impersonation activity. The lures used current political and social topics such as the Washington Declaration and irregular tax-audit notices, padded the LNK files with large dummy data, and displayed HWP decoys while launching PowerShell or batch scripts. Execution downloaded additional shellcode or ran information-stealing and downloader scripts, with ALYac detecting the files as Trojan.Agent.LNK.Gen and Trojan.PowerShell.Agent. The report lists MD5 samples and infrastructure including OneDrive API delivery and centhosting.net endpoints, making oversized shortcut files a key defensive hunting clue.
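The summary's closing point, that padded shortcut files are themselves a hunting clue, is easy to turn into a triage check. The following is an added example written for this page, not code from ESRC or ALYac: it validates the Shell Link header, flags any .lnk over an assumed size threshold, and looks for script-launcher strings (ASCII or UTF-16LE) in the body. The threshold, the launcher keyword list and the two embedded sample files are constructed assumptions for illustration; the real samples are identified only by the MD5s in the table below.

```python
"""Triage oversized Windows shortcut (.lnk) files that embed script launchers.

Added example, not code from the ESRC report. The size threshold, the
keyword list and the sample bytes below are assumptions for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from pathlib import Path

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID
# {00021401-0000-0000-C000-000000000046} (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4C000000011402000000000000C000000000000046")

# Assumed threshold: legitimate shortcuts are a few KB, so a shortcut padded
# with dummy data well past this is worth a closer look.
OVERSIZED_THRESHOLD = 1 * 1024 * 1024

# Substrings that suggest the shortcut launches a script rather than a
# document. Matched case-insensitively as ASCII and as UTF-16LE, which is how
# .lnk files usually store their command-line arguments.
LAUNCHER_PATTERNS = (
    b"powershell", b"cmd.exe", b"mshta", b"wscript",
    b".bat", b"-enc", b"-ep bypass", b"iex",
)


@dataclass
class LnkFinding:
    name: str
    size: int
    oversized: bool
    launchers: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Both signals together are the campaign's signature: padding plus a
        # script launcher. Either alone is common in benign files.
        return self.oversized and bool(self.launchers)


def is_lnk(data: bytes) -> bool:
    """True when the bytes start with a valid Shell Link header."""
    return data[: len(LNK_MAGIC)] == LNK_MAGIC


def find_launchers(data: bytes) -> list[str]:
    """Return the launcher keywords present in the file, in pattern order."""
    lowered = data.lower()  # bytes.lower() only touches ASCII letters
    hits = []
    for pat in LAUNCHER_PATTERNS:
        wide = pat.decode().encode("utf-16-le")
        if pat in lowered or wide in lowered:
            hits.append(pat.decode())
    return hits


def triage_lnk(name: str, data: bytes, threshold: int = OVERSIZED_THRESHOLD) -> LnkFinding | None:
    """Triage one file's bytes; returns None if it is not a Shell Link at all."""
    if not is_lnk(data):
        return None
    return LnkFinding(name, len(data), len(data) > threshold, find_launchers(data))


def triage_directory(root: Path, threshold: int = OVERSIZED_THRESHOLD) -> list[LnkFinding]:
    """Walk a directory tree and triage every *.lnk found under it."""
    findings = []
    for path in root.rglob("*.lnk"):
        finding = triage_lnk(path.name, path.read_bytes(), threshold)
        if finding is not None:
            findings.append(finding)
    return findings


def build_sample(arguments: str, pad: int) -> bytes:
    """Constructed stand-in for a shortcut: header, UTF-16LE text, zero padding."""
    return LNK_MAGIC + arguments.encode("utf-16-le") + b"\x00" * pad


# Constructed samples (not the real campaign files): a normal-sized shortcut
# pointing at a document, and a ~2 MiB one carrying a PowerShell command line.
BENIGN_LNK = build_sample(r"C:\Users\user\Documents\report.hwp", 2000)
MALICIOUS_LNK = build_sample("powershell -ep bypass -enc AAAA", 2 * 1024 * 1024)

if __name__ == "__main__":
    for name, blob in (("report.lnk", BENIGN_LNK), ("decoy.hwp.lnk", MALICIOUS_LNK)):
        f = triage_lnk(name, blob)
        print(f"{f.name}: {f.size} bytes, oversized={f.oversized}, "
              f"launchers={f.launchers}, suspicious={f.suspicious}")
```

Point `triage_directory` at a mail-attachment quarantine or a user's Downloads folder to get a list of candidates; anything with `suspicious == True` should then be checked against the hashes in the table below and pulled for manual inspection of its command line.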

Indicators of Compromise

| Type | Value | First Seen | Last Seen |
|------|-------|------------|-----------|
| URL | http://centhosting.net/upload.p… | 2023-05-05 | 2023-11-24 |
| DOMAIN | centhosting.net | 2023-05-05 | 2023-11-24 |
| HASH | 02685c2ffc30c55667076cfb01033060 | 2023-05-18 | 2023-07-11 |
| HASH | 445e7fd6bb684420d6b8523fe0c55228 | 2023-05-18 | 2023-07-11 |
| HASH | 278184b974d5232934ebf3f9ca9be5c8 | 2023-05-18 | 2023-05-18 |
| HASH | 2e0b68286c2673b12406c98c4c13b739 | 2023-05-18 | 2023-05-18 |
| URL | http://centhosting.net/list.php | 2023-05-18 | 2023-05-18 |
| URL | https://1drv.ms/i/s!AhXEXLJSNMP… | 2023-05-18 | 2023-05-18 |
| URL | https://api.onedrive.com/v1.0/s… | 2023-05-18 | 2023-05-18 |
| HASH | 58d726099fdd9fdb8c34e96e13473aa4 | 2023-05-05 | 2023-05-18 |
| HASH | 2b2310574eb43608eec2540782e08b35 | 2023-05-05 | 2023-05-18 |
