Alyac reports a Geumseong121 APT scenario built around long-running social engineering against South Korean figures connected to unification and North Korea policy. Operators first impersonated a newly appointed female senior researcher in the unification-policy field, sent benign introductory emails without malicious links or attachments, and used replies to collect phone numbers. After a delay, they approached targets through KakaoTalk under a separate persona, maintained ordinary conversations for at least a month, and shared benign photos and documents before delivering malicious material. The activity shows a tailored mobile-enabled intrusion workflow that reduces suspicion before exploitation and fits the group’s broader pattern of targeting diplomacy, security, unification, North Korea-related organizations, and defectors.