Analyst’s Note — Kimsuky

2025-01-20 Scarlet Shark

https://blog.scarletshark.com/analysts-note-kimsuky-80a0b145ebb1

Scarlet Shark reported an approach by Kimsuky, also known as Emerald Sleet, against a United States-based think tank, in which the actor used a free Proton Mail account to impersonate an employee of the Japanese Embassy in Washington, D.C. The message invited the target to a meeting, attached the impersonated staff member’s benign CV, and attempted to move the conversation to WhatsApp. Because the target did not respond, the follow-on stage was not observed, but the report assesses the tactic as likely preparation for credential phishing or malicious file delivery over an encrypted messaging channel. The documented indicators are the Proton sender address, the WhatsApp number, and the hash of the benign CV file. The case matters because it shows Kimsuky using personal email and encrypted messaging to reach policy targets through channels where enterprise security controls may have limited visibility.

Indicators of Compromise

Type | Value | First Seen | Last Seen
HASH | b68c90763a11b10027a10f5c17bd731… | 2025-01-20 | 2025-01-20
EMAIL | [email protected] | 2025-01-20 | 2025-01-20
