ScarCruft uses the topic of Fukushima nuclear wastewater discharge to carry out attacks

2023-09-06 安恒信息 ScarCruft uses the topic of Fukushima nuclear wastewater discharge to carry out attacks

https://starmap.dbappsecurity.com.cn/blog/articles/2023/09/06/scarcruft-fukushima/


ScarCruft used the Fukushima treated-water discharge controversy as a social-engineering theme against Korean users, distributing a `Fukushima.rar` archive containing a CHM file. When opened, the CHM executed remote code from `navercorp.ru/dashboard/image/202302/4.html` and displayed decoy content about Japanese beer sales after the discharge to distract the victim. The payload chain again launched a Chinotto backdoor through PowerShell, with C2-style communication to `navercorp.ru/dashboard/image/202302/com.php?U=`. The captured Chinotto variant retained file theft and upload capabilities while adding scheduled-task creation for persistence and file-deletion functionality to remove traces.

Indicators of Compromise

| Type | Value | First Seen | Last Seen |
|------|-------|------------|-----------|
| URL | http://navercorp.ru/dashboard/i… | 2023-09-04 | 2023-09-08 |
| DOMAIN | navercorp.ru | 2023-09-04 | 2023-09-08 |
| HASH | 9e6a2914a35256dd450db549fb975f45 | 2023-09-06 | 2023-09-07 |
| HASH | a8c06b1f34c430358a2db30988066def | 2023-09-06 | 2023-09-06 |
| URL | http://navercorp.ru/dashboard/i… | 2023-09-06 | 2023-09-06 |
