Persistent Threats from the Kimsuky Group Using RDP Wrapper

2025-02-04 Ahnlab Persistent Kimsuky Threat Using RDP Wrapper

https://asec.ahnlab.com/ko/86082/

ASEC reports continued Kimsuky activity involving spear-phishing lures, malicious shortcut files, PebbleDash, and custom use of RDP Wrapper to maintain access. The source notes that file names contain personal or company-specific details, indicating targeted victim research before delivery. The activity reinforces Kimsuky persistence tradecraft around remote access tooling and backdoors, and defenders should monitor for suspicious LNK execution, RDP Wrapper artifacts, and PebbleDash-related indicators.
