Kimsuky Group’s Phishing Attacks Targeting North Korea-Related Personnel

2023-05-21 Ahnlab

https://asec.ahnlab.com/en/52970/

ASEC reports that Kimsuky created a webmail phishing site impersonating national policy research institutes to target North Korea-related personnel and organization leaders. The fake login page reused tactics seen in earlier Kakao and Naver credential-harvesting pages, including prefilled target IDs for trade, media, and North Korea-related individuals or organizations. Submitted credentials would give the actor access to internal webmail accounts, which ASEC treats as comparable in value to portal-account credentials. ASEC attributes the activity to Kimsuky based on reverse-DNS-linked IP/domain data and related files, and warns users to verify URLs and certificates before logging into externally supplied webmail pages.
