Securonix tracked STIFF#BIZON as an ongoing campaign against high-value targets including the Czech Republic and Poland, with some observed artifacts and tradecraft associated with Konni activity linked in the report to North Korea’s APT37. The intrusion began with phishing attachments containing a compressed archive with missile.docx and _weapons.doc.lnk; shortcut execution ran Base64 content appended to the document and launched a PowerShell stager. Follow-on stages downloaded weapons.doc and wp.vbs, created an "Office Update" scheduled task, established C2 communication, and loaded .NET modules for screenshots, Chromium state-key extraction, saved-login theft, and an interactive shell. The report also describes persistence through replacement of the Windows parental control service with malicious DLL and configuration files, making the activity relevant for defenders tracking Konni-style post-exploitation and credential theft.