AhnLab reports malicious Word documents distributed through channels such as group chats and crafted to resemble legitimate Microsoft Office URLs. The documents used OOXML external template injection, with domains visually close to openxmlformats.org, ms-office services, or Office template sites, to download remote macro templates. The filenames and themes targeted South Korean foreign-policy and security experts with topics such as China, North Korea, and diplomatic issues. The report emphasizes that attackers increasingly use lookalike Office infrastructure and document-theme personalization to make malicious template injection harder to identify.