Web Page Disguised as a Kakao Login Page
2023-01-10 • AhnLab
ASEC found fake Kakao login pages built to steal credentials from specific users, likely reached through phishing emails. The pages copied the Kakao login format and prefilled account IDs, increasing the chance that victims would enter passwords without checking the domain. The targeted accounts appeared to include a university professor, a broadcasting-station reporter, and a North Korea business support group, suggesting interest in trade, media, and North Korea-related individuals or organizations. Submitted IDs and passwords were sent to attacker-controlled servers via GET requests, with malicious domains including accountskakao.pnbbio.com and accountskakao.koreawus.com.
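A defender can hunt for the two traits described above, a hostname that imitates the Kakao accounts host and a password sent in a GET query string, in web proxy logs. The following is an added example, not code from ASEC's report; the log layout, the legitimate-domain list and the parameter names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Kakao's genuine login pages live under kakao.com.
LEGIT_SUFFIXES = ("kakao.com",)
# Hostnames that spell out "accounts" + "kakao" outside the genuine domain.
BRAND_LABEL = re.compile(r"accounts[-_.]?kakao")
# Assumption: parameter names that suggest a password in the query string.
CRED_KEYS = {"pw", "pwd", "pass", "passwd", "password"}


def classify(url):
    """Return the reasons a requested URL matches the lure described above."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES):
        return []  # genuine Kakao host, nothing to report
    reasons = []
    if BRAND_LABEL.search(host):
        reasons.append("brand-lookalike-host")
    keys = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    if keys & CRED_KEYS:
        reasons.append("credential-in-get-query")
    if reasons and parts.scheme == "http":
        reasons.append("cleartext-http")
    return reasons


def scan(log_lines):
    """Return (client, host, reasons) for each GET line worth a closer look."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4 or fields[2] != "GET":
            continue
        reasons = classify(fields[3])
        if reasons:
            hits.append((fields[1], urlsplit(fields[3]).hostname, reasons))
    return hits


# Constructed proxy log lines: timestamp, client, method, URL.
SAMPLE = [
    "2023-01-05T09:12:44Z 10.0.0.21 GET https://accounts.kakao.com/login?continue=https%3A%2F%2Fmail.kakao.com",
    "2023-01-05T09:13:02Z 10.0.0.37 GET http://accountskakao.pnbbio.com/login?id=user%40example.com&pw=REDACTED",
    "2023-01-05T09:14:10Z 10.0.0.37 GET http://accountskakao.koreawus.com/",
    "2023-01-05T09:15:31Z 10.0.0.52 GET https://shop.example.org/search?q=kakao",
]
```

Because the credentials travel in the URL, they also end up in proxy and web-server logs, so any client flagged with `credential-in-get-query` should have that account's password reset.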
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| URL | http://accountskakao.koreawus.c… | 2023-01-03 | 2023-01-10 |
| URL | http://accountskakao.pnbbio.com | 2023-01-03 | 2023-01-10 |
| DOMAIN | accountskakao.pnbbio.com | 2023-01-03 | 2023-01-10 |
| DOMAIN | accountskakao.koreawus.com | 2023-01-03 | 2023-01-10 |