Kimsuky was assessed with high confidence as targeting a western European weapons-component manufacturer through spear-phishing emails using a General Dynamics job-description lure. The malicious attachment, Safety Manager JD (General Dynamics HR Division II).jse, decoded two Base64 blocks to show a benign PDF while silently launching an executable library described as a new espionage tool. The payload created persistence through a CacheDB service and the Windows Run registry key, registered victims with a unique identifier, sent system data to C2, and supported file enumeration, process-path collection, screenshots, socket checks, process execution, secondary payload download, sleep, and self-removal. Network infrastructure included download.uberlingen[.]com and related domains resolving to 94.131.120[.]80, with overlap around *.r-e[.]kr cited as supporting Kimsuky infrastructure links. The targeting of a defense supply-chain manufacturer highlights continued North Korean interest in military and aerospace-related organizations.