Beware of North Korea-backed hacking impersonating Summitz NFT rewards, aimed at earning foreign currency!

2022-07-25 ESTSecurity Warning about a North Korea-linked hacking campaign impersonating Summitz NFT rewards for foreign currency earning

https://blog.alyac.co.kr/4854

ESRC reported a North Korea-linked phishing campaign that impersonated NFT compensation notices for Summitz coin victims to target prior investors, NFT-curious recipients, and Bitcoin holders. The email directed victims to an attached “NFT compensation plan” lure and then to private-banking-group[.]com, where account details entered for identity verification were sent to the attacker. The investigation also connected sslnaver[.]online, cdndaum[.]online, lion.simba21@protonmail[.]com, and repeated portal helpdesk impersonation infrastructure used against defectors and diplomacy, security, and unification-related targets. ESRC tied the activity to the North Korea-linked KGH campaign and noted overlap with earlier attacks impersonating a broadcaster, the Japan Institute of International Affairs, and health certificate issuance themes.

Indicators of Compromise

| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| EMAIL | [email protected] | 2022-07-25 | 2022-07-25 |
| EMAIL | [email protected] | 2022-07-25 | 2022-07-25 |
| DOMAIN | private-banking-group.com | 2022-07-25 | 2022-07-25 |
