North Korean hacking group is conducting attacks via a well-known domestic mobile messenger!

2022-08-22 ESTSecurity North Korean hacking organization is conducting attacks through famous domestic mobile messengers!

https://blog.alyac.co.kr/4882


ESRC reports a North Korea-linked hacking operation targeting PC users of KakaoTalk by impersonating KakaoPay with a lookalike account name. The attacker lowers suspicion by sending periodic event and service messages before delivering a ZIP archive disguised as a revised privacy policy. The archive contains an executable disguised with a .pif extension; when run, it opens a benign PDF while the malware executes in the background. ESRC attributes the activity to Geumseong 121, linked to North Korea's Reconnaissance General Bureau, and says the malware steals user information, sends it to an attacker server, and waits for further commands.
