Konni malware created to target the University of North Korean Studies: 2023-2-주차등록신청서-학생용.hwp (2023.8.30)
2023-09-01 • Sakai • Konni (Konni) Malicious code created targeting North Korean Graduate School - 2023-2 - Parking registration application - for students.hwp (2023.8.30)
The source analyzes Konni malware disguised as HWP-themed LNK files targeting Korea National University of North Korean Studies, likely aiming at faculty or students involved in North Korea-focused education and consulting. The malware was delivered inside nested compressed archives and used filenames such as “2023-2 parking registration application” and “course registration correction form” to make shortcut files appear like Korean document files. Execution ran hidden PowerShell that located the LNK by size, carved out and opened a decoy HWP document, extracted update_cmd.zip into the Public Documents directory, and launched update.vbs. The report emphasizes the double-compressed delivery, HWP/LNK masquerading, and embedded PowerShell/VBS chain rather than providing a full C2 description in the excerpt.