Advanced threats: KONNI, current phishing campaign

2025-03-19 RODNSC

https://dnsc.ro/citeste/amenintari-avansate-konni-campanie-curent-de-phishing

DNSC reports an active phishing campaign that it assesses as very likely linked to Konni, a North Korea-associated group often discussed alongside APT37 and Kimsuky. The infection chain starts with a malicious Windows shortcut (LNK) email attachment that runs hidden PowerShell, opens a decoy document, and installs AsyncRAT on the victim system. Payload delivery and later-stage activity rely on both proxy command-and-control (C2) servers and trusted cloud services, including Dropbox and Google Drive; recent samples receive their C2 details as runtime parameters rather than carrying them hard-coded. The report lists multiple hashes, C2 IPs, cloud URLs, and MITRE ATT&CK techniques covering scripting, malicious links, scheduled tasks, obfuscation, web services, and exfiltration to cloud services, making the activity relevant for tracking DPRK-linked espionage tradecraft.

Indicators of Compromise

Type  Value                             First Seen  Last Seen
IPv4  74.50.94.175                      2025-03-12  2025-05-19
URL   https://www.dropbox.com/scl/fi/…  2025-03-19  2025-03-19
IPv4  162.125.65.19                     2025-03-19  2025-03-19
IPv4  162.125.65.18                     2025-03-19  2025-03-19
IPv4  162.125.65.15                     2025-03-19  2025-03-19
HASH  694af547d321771e69c48cf3c04411f…  2025-03-12  2025-03-19
HASH  9af27198deefa87bb1d3868abb295f0…  2025-03-12  2025-03-19
HASH  47abd1682a88f7aadd3fe57583a7edb…  2025-03-12  2025-03-19
HASH  7a21d0e9793a4f115d395c6e99927d5…  2025-03-12  2025-03-19
HASH  5967513540ad610ddbbc124f2437cf5…  2025-03-12  2025-03-19
HASH  68621690299e676b7562aca350a4ab8…  2025-03-12  2025-03-19
HASH  811d221a1340e64aa1736d9d4e8f808…  2025-03-12  2025-03-19
URL   https://lh3.googleusercontent.c…  2025-03-12  2025-03-19
IPv4  74.50.94.47                       2025-03-12  2025-03-19
HASH  268640934dd1f0cfe3a365322185885…  2025-02-21  2025-03-19
IPv4  206.206.127.152                   2024-10-08  2025-03-19
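As an added example that is not part of the DNSC advisory or of this summary: the script below turns the infection chain described above and the indicator table into checks a defender can run against their own telemetry. It matches constructed proxy-log lines and Sysmon-style process-creation events against the published indicators (hashes and URLs are published truncated, so they are matched as prefixes), flags hidden PowerShell launched from Explorer (the LNK stage) and scheduled tasks that persist a PowerShell command, and treats hits on the 162.125.65.x addresses as context only, on the assumption that they are shared Dropbox infrastructure rather than actor-controlled hosts. All log lines, hostnames, paths and file hashes in the sample data are constructed; the one sample hash that begins with a published prefix is padded with zeros and is not the real file's hash.

```python
import re

# Indicators copied from the advisory's table above. The site publishes hashes
# and URLs truncated ("..."), so they are stored and matched as prefixes only.
IOC_IPS = {
    "74.50.94.175", "74.50.94.47", "206.206.127.152",
    "162.125.65.19", "162.125.65.18", "162.125.65.15",
}
# Assumption: 162.125.65.0/24 is shared Dropbox infrastructure, so a hit there
# documents the cloud-delivery stage but is not evidence of compromise by itself.
CONTEXT_ONLY_IPS = {"162.125.65.19", "162.125.65.18", "162.125.65.15"}
IOC_URL_PREFIXES = (
    "https://www.dropbox.com/scl/fi/",
    "https://lh3.googleusercontent.c",
)
IOC_HASH_PREFIXES = (
    "694af547d321771e69c48cf3c04411f", "9af27198deefa87bb1d3868abb295f0",
    "47abd1682a88f7aadd3fe57583a7edb", "7a21d0e9793a4f115d395c6e99927d5",
    "5967513540ad610ddbbc124f2437cf5", "68621690299e676b7562aca350a4ab8",
    "811d221a1340e64aa1736d9d4e8f808", "268640934dd1f0cfe3a365322185885",
)

# powershell.exe accepts abbreviated switches, so "-w h", "-win hidden" and
# "-WindowStyle Hidden" must all be caught.
HIDDEN_PS = re.compile(r"-w(?:in|indowstyle)?\s+h(?:id|idden)?\b", re.I)

# Constructed proxy log, one "<ts> <client> <method> <target> <status>" per line.
PROXY_LOG = """\
2025-03-19T09:14:02Z 10.0.5.21 GET https://www.dropbox.com/scl/fi/constructed/payload.bin 200
2025-03-19T09:14:05Z 10.0.5.21 CONNECT 74.50.94.175:443 200
2025-03-19T09:14:09Z 10.0.5.21 CONNECT 162.125.65.19:443 200
2025-03-19T09:20:11Z 10.0.5.22 GET https://www.dropbox.com/home 200
"""

PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed Sysmon-style process-creation events. The sha256 of the third event
# is a published prefix padded with zeros, NOT the real sample's hash.
PROCESS_EVENTS = [
    {"host": "ws-021", "parent": r"C:\Windows\explorer.exe", "image": PS_PATH,
     "cmdline": 'powershell.exe -w hidden -nop -c "<constructed>"', "sha256": "00"},
    {"host": "ws-021", "parent": PS_PATH, "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks.exe /create /sc minute /mo 5 /tn "Updater" /tr "powershell.exe -w hidden -f C:\Users\Public\u.ps1"',
     "sha256": "00"},
    {"host": "ws-021", "parent": PS_PATH, "image": r"C:\Users\Public\svc.exe",
     "cmdline": "svc.exe", "sha256": "694af547d321771e69c48cf3c04411f" + "0" * 33},
    {"host": "ws-022", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe", "sha256": "00"},
]


def scan_proxy(log_text):
    """Return (client, level, reason) for proxy lines touching a published indicator."""
    findings = []
    for line in log_text.splitlines():
        _ts, client, _method, target, _status = line.split()
        # Works for both "https://host/path" and CONNECT's bare "host:port".
        host = target.split("://", 1)[-1].split("/", 1)[0].split(":")[0]
        if any(target.startswith(p) for p in IOC_URL_PREFIXES):
            findings.append((client, "alert", f"payload URL prefix: {target}"))
        elif host in IOC_IPS:
            level = "context" if host in CONTEXT_ONLY_IPS else "alert"
            findings.append((client, level, f"indicator address: {host}"))
    return findings


def scan_processes(events):
    """Return (host, level, reason) for events matching the chain's host-side stages."""
    findings = []
    for ev in events:
        image = ev["image"].lower().rsplit("\\", 1)[-1]
        parent = ev["parent"].lower().rsplit("\\", 1)[-1]
        cmd = ev["cmdline"]
        # LNK stage: the shortcut is opened from Explorer and spawns a hidden PowerShell.
        if image == "powershell.exe" and parent == "explorer.exe" and HIDDEN_PS.search(cmd):
            findings.append((ev["host"], "alert", "hidden PowerShell spawned from Explorer"))
        # Persistence stage: a scheduled task that re-runs a PowerShell command.
        if image == "schtasks.exe" and "/create" in cmd.lower() and "powershell" in cmd.lower():
            findings.append((ev["host"], "alert", "scheduled task persisting PowerShell"))
        if any(ev["sha256"].lower().startswith(p) for p in IOC_HASH_PREFIXES):
            findings.append((ev["host"], "alert", f"hash prefix match: {ev['sha256'][:12]}"))
    return findings


def scan(log_text=PROXY_LOG, events=PROCESS_EVENTS):
    return scan_proxy(log_text) + scan_processes(events)


if __name__ == "__main__":
    for who, level, reason in scan():
        print(f"{level:8} {who:10} {reason}")
```

Run as-is it prints six findings: three from the proxy log (the Dropbox file URL, the 74.50.94.175 connection, and a context-only hit on 162.125.65.19) and three from the process events (hidden PowerShell under Explorer, the schtasks persistence, and the hash-prefix match); the benign Dropbox home page and the notepad.exe launch produce nothing. Prefix matching on truncated hashes is only safe because the published prefixes are 31 hex characters long; with shorter prefixes this check should be dropped rather than loosened.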
