Tracking the File Name Changes in Malicious Hangul Document (.hwp) Distribution

2020-05-27 Ahnlab Tracking the file name change process of malicious Hangul document (.hwp) distribution

https://asec.ahnlab.com/1324

ASEC tracked a continued wave of malicious HWP documents whose filenames were crafted around current events and sector-specific lures, including COVID-19 notices, real estate listings, maritime research, recruitment, and recipient-specific email addresses. The DPRK-relevant section identifies real estate-themed HWP files as activity suspected to be linked to the Lazarus group, with document titles designed to attract people interested in property transactions. The report also notes continued abuse of realistic Korean document content and HWP delivery formats, including examples associated with Konni-style malicious HWP activity. The defensive value is in showing how Korean-language social-engineering themes changed over several months while maintaining document-based delivery against targeted users.

Indicators of Compromise

Type Value First Seen Last Seen
DOMAIN piblock.co 2020-05-27 2020-05-27
