Attack Activities by Kimsuky Targeting Japanese Organizations

2024-07-08 JPCERT

https://blogs.jpcert.or.jp/en/2024/07/attack-activities-by-kimsuky-targeting-japanese-organizations.html


JPCERT/CC observed Kimsuky targeting Japanese organizations in March 2024 with emails impersonating security and diplomatic organizations. The lure attachment contained an executable alongside decoy DOCX files; the executable's filename used a double extension and a long run of spaces to hide its real extension, leading victims to run the EXE. Execution downloaded VBS and PowerShell from external sources, set persistence through the Run registry key, collected system, network, file-list, and account data, and then deployed a PowerShell keylogger that saved keystrokes and clipboard data under public user folders before exfiltration. JPCERT/CC links the activity to Kimsuky based on similar VBS and PowerShell tradecraft previously reported in attacks against South Korean organizations, indicating that Japanese organizations may also be active targets.
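A mail-gateway or triage check for the filename trick described above, as an added example that is not code from the JPCERT/CC report. The extension lists, the padding threshold, and the sample names are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumed shortlists; extend to match local policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "ps1", "lnk"}
DECOY_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "ppt", "pptx", "hwp", "txt", "jpg", "png"}
PAD_THRESHOLD = 5  # assumed: a run of this many space characters counts as padding


def longest_space_run(name):
    """Length of the longest run of space-like characters in name."""
    best = run = 0
    for ch in name:
        # Category Zs covers ASCII space, NBSP, ideographic space and similar.
        if ch == "\t" or unicodedata.category(ch) == "Zs":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def analyze_filename(name):
    """Return the reasons an attachment name looks like a masqueraded executable."""
    reasons = []
    stem, dot, final_ext = name.rpartition(".")
    final_ext = final_ext.strip().lower()
    if not dot or final_ext not in EXECUTABLE_EXTS:
        return reasons  # the real (last) extension is not directly executable
    # A decoy extension earlier in the name, e.g. "report.docx      .exe"
    inner = re.findall(r"\.([A-Za-z0-9]{2,5})(?=[\s.]|$)", stem)
    if any(e.lower() in DECOY_EXTS for e in inner):
        reasons.append("double-extension")
    if longest_space_run(stem) >= PAD_THRESHOLD:
        reasons.append("whitespace-padding")
    return reasons


# Constructed sample attachment names (not taken from the report).
SAMPLES = [
    "Meeting_Agenda.docx" + " " * 60 + ".exe",
    "invoice.pdf.scr",
    "installer.exe",
    "Agenda.docx",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", analyze_filename(sample) or "ok")
```

The check keys on the last extension because that is what Windows uses to decide how to open the file, regardless of what the padded name shows in a narrow column.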
