Konni/Kimsuky is actively targeting South Korean organizations via spear-phishing LNK files deploying a multi-RAT stack (EndRAT, RftRAT, Remcos), then abusing compromised employees’ authenticated KakaoTalk desktop sessions to propagate malware laterally to contact lists through implicit platform trust. A related campaign variant abuses stolen Google credentials to trigger remote wipe of victims’ Android devices via Google Find Hub. Organizations with South Korean operations or KakaoTalk deployments should alert users to treat unexpected KakaoTalk file-sharing messages as suspicious, hunt for LNK-triggered WSH execution and multi-RAT persistence indicators, and audit Google account sessions for unauthorized access.