Analysis of the Spear-Phishing and KakaoTalk-Linked Threat Campaign by the Konni Group

2026-03-15 Genians

https://www.genians.co.kr/en/blog/threat_intelligence/kakaotalk


Genians Security Center analyzed a Konni APT campaign that used North Korea-themed spear-phishing to gain initial access. The lure impersonated a notice appointing the recipient as a North Korean human-rights lecturer and delivered an archive containing a malicious LNK shortcut disguised as a normal document. When executed, the LNK launched cmd.exe and 32-bit PowerShell, extracted and ran an embedded decoy PDF, downloaded additional payloads from drfeysal[.]com, and established persistence through scheduled tasks, startup entries, or process masquerading. The actor remained concealed on the endpoint while collecting internal documents, account information, and system environment data, then abused the victim's KakaoTalk PC session to send malicious files to selected contacts. The campaign is notable for combining spear-phishing, long-term persistence, information theft, and account-based messenger propagation.
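The chain described above (cmd.exe starting the 32-bit PowerShell host, persistence through scheduled tasks or Startup entries, and callbacks to the listed infrastructure) maps directly onto endpoint telemetry. The following detector is an added example, not code from Genians or from the report; it takes the hashes, domain and IP addresses from the IoC table below and runs a few behavioural and indicator checks over constructed sample events. The event field names (type, parent_image, image, command_line, path, md5, dest_ip, dest_host) and the sample events themselves are assumptions made for this example, not data from the report.

```python
"""Added example: scan constructed endpoint telemetry for the Konni chain.
Field names and sample events are assumptions for this illustration; the
indicator values are copied from the report's IoC table."""
import re
from typing import Dict, List

# Indicators from the report's IoC table.
IOC_MD5 = {
    "7dc50e8af0070e544bff5299405cd3b9",
    "461ade40b800ae80a40985594e1ac236",
    "3288c284561055044c489567fd630ac2",
    "2e1b0ac49313873a0e0b982c591a5264",
    "148405ff05bf15a6a053e4e7c1795d40",
    "01022facb38cf60b052e65a682f4a127",
    "61f65bd593ea0e52ac0dfdc6bc9cd73a",
}
IOC_DOMAINS = {"drfeysal.com"}
IOC_IPS = {"96.62.214.5", "157.180.88.26", "185.21.14.249", "178.16.54.208"}

# The 32-bit PowerShell host lives under SysWOW64 on 64-bit Windows.
PS_32BIT = re.compile(r"\\syswow64\\windowspowershell\\v1\.0\\powershell\.exe$", re.I)
# Per-user and all-users Startup folders share this path suffix.
STARTUP_DIR = re.compile(r"\\start menu\\programs\\startup\\", re.I)


def classify(ev: Dict[str, str]) -> List[str]:
    """Return the names of the behaviours or indicators one event matches."""
    hits: List[str] = []
    kind = ev.get("type")
    if kind == "process":
        parent = ev.get("parent_image", "").lower()
        image = ev.get("image", "")
        cmdline = ev.get("command_line", "").lower()
        # Report chain: cmd.exe launching the 32-bit PowerShell host.
        if parent.endswith("\\cmd.exe") and PS_32BIT.search(image):
            hits.append("cmd_spawns_32bit_powershell")
        # Persistence through a newly registered scheduled task.
        if image.lower().endswith("\\schtasks.exe") and "/create" in cmdline:
            hits.append("scheduled_task_persistence")
        if ev.get("md5", "").lower() in IOC_MD5:
            hits.append("known_malicious_hash")
    elif kind == "file":
        # Persistence through a Startup-folder entry.
        if STARTUP_DIR.search(ev.get("path", "")):
            hits.append("startup_folder_persistence")
        if ev.get("md5", "").lower() in IOC_MD5:
            hits.append("known_malicious_hash")
    elif kind == "network":
        if ev.get("dest_ip") in IOC_IPS or ev.get("dest_host", "").lower() in IOC_DOMAINS:
            hits.append("known_c2_indicator")
    return hits


def scan(events: List[Dict[str, str]]) -> Dict[int, List[str]]:
    """Map event id -> triggered detections, keeping only events that matched."""
    return {ev["id"]: h for ev in events if (h := classify(ev))}


# Constructed sample telemetry (not real log data).
SAMPLE_EVENTS = [
    {"id": 1, "type": "process", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "command_line": "cmd.exe /c ..."},
    {"id": 2, "type": "process", "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe ..."},
    # Benign: an administrator running the native 64-bit host from Explorer.
    {"id": 3, "type": "process", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe"},
    {"id": 4, "type": "process", "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "command_line": "schtasks.exe /create /tn Updater /tr C:\\Users\\u\\update.exe"},
    {"id": 5, "type": "file", "md5": "7dc50e8af0070e544bff5299405cd3b9",
     "path": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"},
    {"id": 6, "type": "network", "dest_host": "drfeysal.com", "dest_ip": "96.62.214.5"},
    {"id": 7, "type": "network", "dest_host": "example.org", "dest_ip": "203.0.113.10"},
]

if __name__ == "__main__":
    for event_id, hits in scan(SAMPLE_EVENTS).items():
        print(event_id, hits)
```

The first check keys on the SysWOW64 path because the report specifically notes 32-bit PowerShell being started from cmd.exe; event 3 shows why the parent and host architecture are checked together, since an interactive 64-bit PowerShell session is routine. Hash and infrastructure matches are kept as separate detections from the behavioural ones so that an indicator rotation does not blind the behavioural rules.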

Indicators of Compromise

Type    Value                              First Seen   Last Seen
HASH    7dc50e8af0070e544bff5299405cd3b9   2026-03-15   2026-03-15
HASH    461ade40b800ae80a40985594e1ac236   2026-03-15   2026-03-15
HASH    3288c284561055044c489567fd630ac2   2026-03-15   2026-03-15
HASH    2e1b0ac49313873a0e0b982c591a5264   2026-03-15   2026-03-15
HASH    148405ff05bf15a6a053e4e7c1795d40   2026-03-15   2026-03-15
HASH    01022facb38cf60b052e65a682f4a127   2026-03-15   2026-03-15
DOMAIN  drfeysal.com                       2026-03-15   2026-03-15
IPv4    96.62.214.5                        2026-03-15   2026-03-15
IPv4    157.180.88.26                      2026-03-15   2026-03-15
IPv4    185.21.14.249                      2026-03-15   2026-03-15
IPv4    178.16.54.208                      2026-03-15   2026-03-15
HASH    61f65bd593ea0e52ac0dfdc6bc9cd73a   2024-07-31   2026-03-15
