Genian Security Center analyzed a January 2024 spear-phishing case that used a real New Year opinion column as the lure for Korean targets. The email delivered a password-protected ZIP containing a double-extension LNK disguised with a WordPad icon, then ran PowerShell to fetch scripts and a decoy RTF from Google Drive. The chain registered a hidden scheduled task named MicrosoftEdgeUpdateVersion and used manipulated Gzip data for defense evasion. The source ties the infrastructure to a Google Drive account named "fox tian" and the email tianfox67@gmail[.]com, with Genian EDR detection logic presented as the response path.