A series of malicious LNK files targeting users in South Korea has been detected using a multi-stage attack chain that uses GitHub as command and control (C2) infrastructure.