CISA Warns of Phishing Emails Delivering KONNI Malware (August 2020)
The Cybersecurity and Infrastructure Security Agency has published an alert to provide information on attacks delivering the KONNI remote access Trojan.
Active since at least 2014 but remaining unnoticed for over three years, KONNI has been used in highly targeted attacks only, including ones aimed at the United Nations, UNICEF, and entities linked to North Korea.
In an alert published on Friday, CISA warns of emails delivering Microsoft Word documents that contain malicious Visual Basic for Applications (VBA) macro code designed to fetch and install the KONNI malware.
CISA also explains that the information KONNI can collect from infected machines includes IP addresses, usernames, a list of running processes, and details on the operating system, connected drives, hostname, and computer name.
The agency has published a list of MITRE ATT&CK techniques associated with KONNI, as well as Snort signatures for defenders to use in detecting KONNI exploits.
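An added example (not taken from the CISA alert or from this article) of a mail-gateway triage check for the delivery method described above: it flags Word attachments that carry a VBA project. The function name `triage`, the verdict strings and the sample bytes are assumptions constructed for illustration, and the legacy-format branch is a byte-search heuristic rather than a full OLE parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc/.dot compound file header
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # stream name inside an OLE VBA storage


def triage(data: bytes) -> str:
    """Classify an attachment as 'macro', 'no-macro', 'malformed' or 'not-office'."""
    if data[:4] == b"PK\x03\x04":                # OOXML (.docx/.docm/.dotm) is a ZIP
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "malformed"                   # quarantine rather than deliver
        # Macro-enabled packages store the VBA project as a vbaProject.bin part.
        return "macro" if any(n.endswith("vbaproject.bin") for n in names) else "no-macro"
    if data[:8] == OLE_MAGIC:
        # Heuristic: OLE directory entry names are UTF-16LE, so the stream
        # name shows up verbatim when a VBA project is present.
        return "macro" if VBA_STREAM in data else "no-macro"
    return "not-office"


def make_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal ZIP shaped like a Word OOXML package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not a real VBA project")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {                                  # all constructed, none are real malware
        "invoice.docm": make_ooxml(True),
        "notes.docx": make_ooxml(False),
        "truncated.docx": make_ooxml(True)[:40],
        "legacy.doc": OLE_MAGIC + bytes(504) + VBA_STREAM,
        "report.pdf": b"%PDF-1.7",
    }
    for name, blob in samples.items():
        print(f"{name:16} {triage(blob)}")
```

A "macro" verdict only says that a VBA project is present; deciding whether the macro is malicious still needs content inspection or the Snort signatures and ATT&CK mappings the alert provides.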