Unit 42 describes Crooked Pisces, also known as KONNI, as an East Asia-focused threat group associated with spear-phishing operations. The group is known for using lure documents related to North Korea, with more recent activity also using cryptocurrency-themed documents. The same name is used for the group’s custom RAT, which includes anti-analysis techniques and intelligence-gathering capabilities, making the report relevant for tracking KONNI/Crooked Pisces phishing and malware tradecraft.