APT attacks targeting areas related to security, diplomacy, and unification: beware of 'Operation Black Limousine'

2018-11-27 ESTSecurity

http://blog.alyac.co.kr/2004

ESRC links Operation Black Limousine to ongoing Kimsuky activity targeting South Korean political, social, security, diplomacy, and unification-related interests. The analyzed lure used a malicious HWP document themed around a personal-information consent form and national R&D regulations, with an embedded BIN0001.eps PostScript component carrying encrypted shellcode. After decryption, the shellcode attempted to contact rentcartoday.com as command-and-control infrastructure and could download and execute an additional payload. The report warns that successful infection may enable data theft and remote control, while updating Hancom Office removes the vulnerable Ghostscript engine used by this EPS attack path.

Indicators of Compromise

Type Value First Seen Last Seen
DOMAIN rentcartoday.com 2018-11-27 2018-11-27
