Analysis of North Korean Cyberattacks and Konni Attack Artifacts

2024-10-08 Igloo Analysis of North Korean Cyberattacks and Konni Attack Artifacts

https://www.igloo.co.kr/security-information/%EB%B6%81%ED%95%9C%EB%B0%9C-%EC%82%AC%EC%9D%B4%EB%B2%84-%EA%B3%B5%EA%B2%A9%EA%B3%BC-%EC%BD%94%EB%8B%88konni%EC%9D%98-%EA%B3%B5%EA%B2%A9-%EC%95%84%ED%8B%B0%ED%8C%A9%ED%8A%B8-%EB%B6%84%EC%84%9D/

IGLOO reviews North Korea-linked intrusion clusters including Kimsuky, Lazarus, and Konni, explaining how vendors map overlapping malware, tactics, and naming schemes into actor clusters such as APT37, APT38, Chollima-branded groups, and Microsoft weather-themed names. The report focuses on Konni as a cluster historically associated with Konni RAT and malicious-email delivery, noting activity observed since at least 2014 and campaigns against Russia, South Korea, and related targets using attachments such as screen-saver files. It frames the artifact analysis as a defensive aid for classifying DPRK threat activity and comparing actor tradecraft across public reporting.

Indicators of Compromise

Type Value First Seen Last Seen
URL https://cyb3rops.medium.com/the… 2024-10-08 2025-03-05
DOMAIN cyb3rops.medium.com 2024-10-08 2025-03-05
HASH 9d6c79c0b395cceb83662aa3f7ed0123 2024-05-06 2024-10-30
HASH 1bfe8d93ca1b2711fcf9958aa907abac 2024-10-08 2024-10-08
HASH 7bb236041b91d4cd4fa129267cf109c3 2024-08-22 2024-10-08
