Webpage disguised as a Kakao login screen

2023-01-03 AhnLab Webpage disguised as a Kakao login screen

https://asec.ahnlab.com/ko/45204/

AhnLab ASEC reported a credential-phishing page that closely imitated Kakao’s login screen and prefilled the target's account ID. The suspected delivery route was phishing email. From the targeted IDs and its North Korea-related monitoring, ASEC inferred that the campaign likely focused on people or organizations connected to trade, media, or North Korea-related work. The malicious pages were hosted on lookalike domains with an accountskakao subdomain, such as accountskakao.pnbbio[.]com and accountskakao.koreawus[.]com, and leaked the entered IDs and passwords to attacker-controlled servers through GET requests. The report is relevant to DPRK-focused tracking as an instance of Korean-language social engineering against accounts likely used by journalists and North Korea-related personnel.

Indicators of Compromise

| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| URL | http://accountskakao.koreawus.c… | 2023-01-03 | 2023-01-10 |
| URL | http://accountskakao.pnbbio.com | 2023-01-03 | 2023-01-10 |
| DOMAIN | accountskakao.pnbbio.com | 2023-01-03 | 2023-01-10 |
| DOMAIN | accountskakao.koreawus.com | 2023-01-03 | 2023-01-10 |
