Go-ing Arsenal: A Closer Look at Kimsuky’s Go Strategic Advancement

2024-10-02 S2W

https://medium.com/s2wblog/virusbulletin-2024-go-ing-arsenal-a-closer-look-at-kimsukys-go-strategic-advancement-20ec4516a185

This campaign employed novel techniques, such as disguising malware as installation files for South Korea’s electronic document security programs to steal from the GPKI folder, which is used by government administrative and public institutions in South Korea, and exploiting the SOCKS5 protocol. We have categorized the Kimsuky group’s new malware based on its functionalities and types. This aligns with the Kimsuky group’s recent trend of utilizing Go-based tools and malware. The group primarily uses spear phishing attacks to distribute malware and attempt to take over accounts to harvest data.
