Beware of Targeted Attacks Disguised as Virtual Currency Bill Data from a Specific National Assembly Member's Office

2018-02-05 ESTSecurity

http://blog.alyac.co.kr/1527

ESRC reported a spear-phishing campaign that impersonated confidential material from a South Korean lawmaker’s office and targeted users of cryptocurrency exchanges. The emails carried an encrypted archive containing malicious Word documents and social-engineered recipients to enable macros by claiming fonts might not display correctly on ordinary computers. The macro contacted a compromised Korean website at hxxp://kjinnong.com/jdboard/boardbank/board/bbs/log.php for command-and-control, after which the victim could be exposed to additional malware that also attempted communication with a U.S.-based server. ESRC noted the document author account “PiterpanN” had appeared in earlier attacks against South Korean defense companies, a defense research organization, and foreign-affairs government targets, and that the 2018 malware shared an encryption/decryption algorithm format with malware used in a 2016 defense-related attack.

Indicators of Compromise

| Type | Value | First Seen | Last Seen |
|------|-------|------------|-----------|
| URL | http://kjinnong.com/jdboard/boa… | 2018-02-05 | 2018-02-05 |
| DOMAIN | kjinnong.com | 2018-02-05 | 2018-02-05 |
| IPv4 | 199.180.116.228 | 2018-02-05 | 2018-02-05 |
