India, Feb. 4 -- North Korean KONNI malware targets developers in a newly observed phishing campaign that signals a notable change in both targeting strategy and technical execution. The activity, tracked by Check Point Research, shows the threat actor moving away from its historical focus on political and diplomatic targets.

The campaign relies on phishing messages crafted to resemble legitimate software project documentation, suggesting an intent to compromise individuals with access to technical infrastructure rather than traditional government-linked entities.

KONNI is a North Korea-affiliated cyber espionage group active since at least 2014. Its earlier campaigns largely focused on South Korean diplomatic, academic, and government-...