Analysis of an APT37 Malicious HWP Case Distributed via K Messenger
2025-02-03 • Genians
https://www.genians.co.kr/blog/threat_intelligence/k-messenger
Genians analyzes an APT37 campaign that used identity impersonation and a Korean messenger group chat channel to deliver malicious HWP and LNK files. The report highlights spear phishing, lateral-movement risk after initial endpoint compromise, evasion-focused variants, and commercial cloud infrastructure used for command and control. The case is relevant to South Korea-focused threat hunting, especially for organizations monitoring messenger-delivered documents, endpoint anomalies, and cloud-hosted C2 behavior.