The North Korean Konni APT group is running a targeted espionage campaign that compromises Windows systems via spear-phishing, then abuses victims’ active KakaoTalk desktop sessions to spread malware to their contact lists, enabling attackers to reach secondary victims through compromised trusted contacts. Affected organizations face risks of credential theft, persistent backdoor access, and secondary compromise of colleagues who receive malicious files from a known, trusted contact. The campaign’s multi-RAT deployment and long-dwell design indicate intelligence collection objectives, with a related component enabling remote wipe of Android devices via stolen Google credentials.