Opening the trojanized installer, which is in MSI format, would trigger an infection sequence that eventually launches Konni RAT, which had been used by North Korean threat groups Kimsuky and ScarCruft for command execution and file transfers, according to a report from DCSO. "To some extent, this should not come as a surprise; increasing strategic proximity would not be expected to fully overwrite extant DPRK collection needs, with an ongoing need on the part of the DPRK to be able to assess and verify Russian foreign policy planning and objectives," said DCSO researchers.