An unknown threat actor has been quietly carrying out intermittent cyber campaigns against North Korean organizations for at least the last three years using a relatively unsophisticated but constantly evolving Remote Access Trojan. The motivations behind the Konni campaigns remain unclear, but could be related to hacktivism. The malware has typically been distributed via phishing emails and includes a decoy document. The data that the malware gathers is then used to launch specific attacks against targeted organizations, Cisco’s Talos security group has noted.”]