The North Korean KONNI APT group has deployed AI-generated PowerShell backdoor malware targeting blockchain and cryptocurrency developers in Japan, Australia, and India. The campaign uses Discord to host malicious archives, facilitating infection. Check Point Research detailed these activities in a report published on January 21, 2026.