APT Attack Using a Coin-Themed Word Document (Kimsuky)
2022-03-22 • AhnLab
ASEC confirmed that Kimsuky used coin-themed Word documents in an APT campaign observed on March 21, with three lures related to shareholder volume, asset-liability status, and a regular general meeting. The documents were based on legitimate Word files but had malicious macro code added, and their cryptocurrency-related content suggested targeting of virtual asset businesses. All three samples used the same macro behavior as a previously reported product-introduction lure, executing C:\Users\Public\Documents\no1.bat through WinExec after users were induced to enable content. The report shows Kimsuky extending a repeatable malicious Office-document delivery chain beyond logistics and shopping targets into the crypto sector, with related V3 detections covering BAT, VBS, and DOC components.
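
A static triage check for the macro behavior summarized above, given as an added example that is not code from the ASEC report or from AhnLab. It assumes the macro source has already been extracted from the document as text; `triage_macro` is a hypothetical helper and `SAMPLE_MACRO` is a constructed sample modelled only on the behavior the summary describes.

```python
import re

# Declare statement importing a kernel32 function; group 1 = local name, group 2 = Alias.
DECLARE_K32 = re.compile(
    r'^\s*(?:Private\s+|Public\s+)?Declare\s+(?:PtrSafe\s+)?(?:Function|Sub)\s+(\w+)\s+'
    r'Lib\s+"kernel32(?:\.dll)?"(?:\s+Alias\s+"(\w+)")?',
    re.IGNORECASE | re.MULTILINE)
# Script files under C:\Users\Public, the location the report names for no1.bat.
PUBLIC_SCRIPT = re.compile(
    r'C:\\Users\\Public\\[^"\r\n]*?\.(?:bat|cmd|vbs|js|ps1)\b', re.IGNORECASE)
DECLARE_LINE = re.compile(r'\s*(?:Private\s+|Public\s+)?Declare\b', re.IGNORECASE)


def triage_macro(src):
    """Return findings for one macro source string (hypothetical helper)."""
    # Merge VBA line continuations (" _" at end of line) so Declares sit on one line.
    src = re.sub(r'[ \t]+_[ \t]*\r?\n[ \t]*', ' ', src)
    # Local names bound to WinExec, whether declared directly or through Alias.
    names = {m.group(1).lower() for m in DECLARE_K32.finditer(src)
             if (m.group(2) or m.group(1)).lower() == "winexec"}
    # Lines that use one of those names, excluding the Declare itself.
    calls = [line.strip() for line in src.splitlines()
             if not DECLARE_LINE.match(line)
             and any(re.search(r'\b%s\b' % re.escape(n), line, re.I) for n in names)]
    scripts = sorted({p.lower() for p in PUBLIC_SCRIPT.findall(src)})
    return {"winexec_names": sorted(names), "calls": calls, "public_scripts": scripts,
            "suspicious": bool(names and calls and scripts)}


# Constructed sample, modelled only on the behaviour the report describes.
SAMPLE_MACRO = r'''
Private Declare PtrSafe Function WinExec Lib "kernel32" _
    (ByVal lpCmdLine As String, ByVal nCmdShow As Long) As Long

Sub Document_Open()
    WinExec "C:\Users\Public\Documents\no1.bat", 0
End Sub
'''

if __name__ == "__main__":
    for key, value in triage_macro(SAMPLE_MACRO).items():
        print(f"{key}: {value}")
```

The check only sees literal paths, so a macro that assembles the path at run time needs behavioral telemetry (a script under `C:\Users\Public` launched as a child of the Word process) rather than this static pass.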