DPRK-nexus is a threat actor group that compromises its victims by sending spear-phishing emails containing malicious Korean-language documents with different lures. The lures used in its recent efforts are quite diverse, ranging from impersonation of the Korea Internet Information Center (KRNIC) to impersonation of numerous South Korean internet security companies or cryptocurrency companies. This effort appears to have the broad goal of stealing data from South Korean individuals. In the majority of the infections, the victims were users who had an email address registered on naver dot com, a South Korean web platform that offers free email boxes, news, and search engine capabilities.