Beware of a North Korean Hacking Attack Disguised as a Forum of the Ministry of Unification's North Korean Human Rights Division!

2023-02-13 ESTsecurity Warning on a North Korean hacking attack disguised as a Ministry of Unification human rights forum

https://blog.alyac.co.kr/5071

ESTsecurity reported a North Korea-attributed phishing attack that impersonated a Ministry of Unification human-rights forum co-hosted with a South Korean lawmaker. The lure abused a legitimate encrypted HTML-style notice format used by the ministry, but inserted malicious commands that executed before the user entered the password needed to view the decoy content. ESRC found that a compromised domestic shipping and aviation company website was used as an intermediate host, and that the task-scheduler and mshta/PHP execution pattern matched earlier attacks impersonating the UN Human Rights Office in Seoul and a police identity-theft case. Representative indicators included MD5 hashes DF8B05C389AC9D1B07D2F825EFE6512D and 8CAE06EF26D06863701C78240B2C6535, plus taedusa[.]com PHP paths.

Indicators of Compromise

Type     Value                              First Seen   Last Seen
HASH     8cae06ef26d06863701c78240b2c6535   2023-02-13   2023-02-13
HASH     df8b05c389ac9d1b07d2f825efe6512d   2023-02-13   2023-02-13
DOMAIN   taedusa.com                        2023-02-13   2023-02-13
