Hangul Word Processor (HWP) is being used as a lure document format in the Kimsuky and ScarCruft phishing campaigns targeting South Korean organizations, with malicious HWP documents serving as the initial delivery mechanism for LNK-based payloads. No specific HWP software vulnerability is cited in the published source data; the risk is document-based social engineering delivery rather than a patchable application flaw. Organizations with HWP deployed should monitor for HWP processes spawning unexpected child processes and ensure email security controls inspect HWP attachments.
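The child-process monitoring recommended above, as an added example that is not part of the original summary: it classifies process-creation events whose parent is the HWP editor. The process name `Hwp.exe`, the list of suspect children, the install path, the Sysmon Event ID 1 style field names and every sample event are assumptions constructed for illustration.

```python
import ntpath

# Assumption: the HWP editor runs as Hwp.exe; list the binaries of your own deployment.
HWP_PARENTS = {"hwp.exe"}
# Assumption: shells and script hosts a document editor has no routine reason to start.
SUSPECT_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                    "mshta.exe", "rundll32.exe", "regsvr32.exe"}

# Constructed sample events (not from any real incident); paths are placeholders.
SAMPLE_EVENTS = [
    {"Host": "ws01", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Apps\HWP\Hwp.exe", "CommandLine": r'Hwp.exe "C:\Users\a\notice.hwp"'},
    {"Host": "ws02", "ParentImage": r"C:\Apps\HWP\Hwp.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c <constructed>"},
    {"Host": "ws03", "ParentImage": r'"C:\Apps\HWP\HWP.EXE"',
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe",
     "CommandLine": "powershell.exe <constructed>"},
    {"Host": "ws04", "ParentImage": r"C:\Apps\HWP\Hwp.exe",
     "Image": r"C:\Users\a\AppData\Local\Temp\viewer.exe", "CommandLine": "viewer.exe"},
]

def _name(path):
    """Lower-cased file name of a Windows path, tolerating quotes and mixed case."""
    return ntpath.basename(path.strip().strip('"')).lower()

def classify(event, allowed_children=frozenset()):
    """Return 'high', 'review' or None for one process-creation event."""
    if _name(event.get("ParentImage", "")) not in HWP_PARENTS:
        return None                      # not spawned by the HWP editor
    child = _name(event.get("Image", ""))
    if child in SUSPECT_CHILDREN:
        return "high"                    # shell or script host under a document editor
    if child in allowed_children:
        return None                      # baselined helper for this environment
    return "review"                      # any other child is unexpected until baselined

def find_alerts(events, allowed_children=frozenset()):
    """Collect (severity, host, child name) for every event that needs attention."""
    alerts = []
    for ev in events:
        severity = classify(ev, allowed_children)
        if severity:
            alerts.append((severity, ev.get("Host", "?"), _name(ev["Image"])))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```

Populate `allowed_children` from a baseline of what the editor legitimately starts in your environment, so the `review` tier stays small enough to triage.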