DBAPPSecurity analyzes Konni activity targeting Eastern Europe and East Asia in mid-2022, including samples submitted from South Korea and Russia. The report links the activity through traffic patterns, targeting, and later-stage payloads, and notes that Korean submissions included cryptocurrency-sector targeting while Russian submissions used diplomatic lures involving Russia, Korea, North Korea, and the United States. Konni used varied initial loaders, including macro documents, CHM files, and encrypted configuration files, then collected system information, compressed it, and uploaded it to C2 infrastructure. The actor also issued follow-on commands to download or execute additional payloads, demonstrating a flexible espionage workflow.