ASEC observed a malicious Hangul document distributed ahead of South Korea's 20th presidential election, disguised as a National Election Commission press release about shipboard voting. ASD telemetry indicated the HWP used an embedded OLE object to run a batch file from the temp directory and then execute PowerShell. ASEC linked the tradecraft to a similar February 7 NEC-themed malicious HWP campaign that DailyNK reported as involving North Korean hackers, noting shared impersonation of the same institution, OLE-based batch execution, and similar PowerShell variable naming. The activity matters because election-themed official documents can provide credible lures for journalists or users seeking public-sector information during a politically sensitive period. AhnLab detection for the behavior was listed as Execution/MDP.Powershell.M4208.