Malware created by Kimsuky disguised as a public service citation (personal, form)

2025-01-21 Sakai Kimsuky Malware Disguised as a Public Service Citation Personal Form

https://wezard4u.tistory.com/429386


The report analyzes Kimsuky malware delivered as a Windows LNK file disguised as a public service citation personal form. The lure executes PowerShell commands after the victim opens the shortcut, indicating a social-engineering intrusion path consistent with document-themed DPRK phishing operations. The evidence supports tracking the file name, command-line behavior, and associated script execution as Kimsuky-linked malware activity targeting Korean-language users.

Indicators of Compromise

Type Value First Seen Last Seen
HASH 7df7ad7b88887a06b559cd453e7b652… 2025-01-21 2025-03-10
HASH 5adfa76b72236bf017f7968fd012e968 2025-01-21 2025-02-19
DOMAIN hvil-telegram.org 2025-01-15 2025-01-24
HASH 5f0d09853fb459500237105201bbf33… 2025-01-21 2025-01-21
