Beware of malicious emails disguised as online discussions with experts on Korea's nuclear armament
2022-01-25 • Hauri
https://www.hauri.co.kr/security/issue_view.html?intSeq=412&page=1&article_num=324
Hauri reports malicious emails targeting Korean users by posing as invitations to an expert online discussion about Korea's nuclear armament. The lure uses a password-protected document and instructs recipients to enable content, which runs malicious macro code that collects PC information and sends it to attacker infrastructure. The macro then downloads and executes a VBS file from a C2 endpoint, saving it as %AppData%\Desktop.ini. The report provides concrete infrastructure indicators, including yulsohnyonsei[.]medianewsonline[.]com and http://koreajjjjj[.]sportsontheweb[.]net/0119/k.php, which are useful for detecting this document-based social engineering tied to Korean security-policy themes.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | koreajjjjj.sportsontheweb.net | 2022-01-25 | 2022-08-25 |
| DOMAIN | yulsohnyonsei.medianewsonline.c… | 2022-01-25 | 2022-08-25 |
| URL | http://koreajjjjj.sportsonthewe… | 2022-01-25 | 2022-01-25 |