Genians reports KONNI APT activity linked in the source to Kimsuky or APT37, involving South Korea-based victims including a counselor supporting North Korean defector youth. The campaign used National Tax Service-themed spear phishing and KakaoTalk messages that delivered a digitally signed MSI disguised as a stress-relief program, then installed AutoIt-based malware with scheduled-task persistence under a fake hwpviewer name. After long-term reconnaissance and credential theft, the attackers abused stolen Google account access and Find Hub to locate Android phones and tablets, issue repeated remote wipe commands, and disrupt victims' ability to receive alerts or respond. Compromised KakaoTalk PC sessions were then used as trusted propagation channels to send malicious files to contacts, combining account takeover, device disruption, and social engineering. The report highlights this as a notable APT tactic because a legitimate device-management feature was used destructively after credential theft.