Warning on North Korea-Linked Hacking Attacks Targeting Diplomacy, Security, and Defense Sectors
2022-02-23 • ESTSecurity
ESRC reports repeated North Korea-linked spear-phishing attempts against South Korean diplomacy, security, defense, unification, academic, and private-sector experts. The attackers sent a password-protected malicious Word document disguised as a profile form, using urgency around a next-day response to entice recipients to open the attachment and enable macros. If macros were enabled, the document contacted an overseas C2 server and could support keylogging, personal data theft, and additional malware infection. ESRC says the macro code and infection method matched previously observed North Korea-linked activity, and notes continued abuse of free overseas web-hosting services as attack infrastructure. ALYac detections cited for the malware include Trojan.Downloader.DOC.Gen and Trojan.Agent.4568A.