CISA Warns of Phishing Emails Delivering KONNI Malware (Security News, August 2020)

The Cybersecurity and Infrastructure Security Agency has published an alert to provide information on attacks delivering the KONNI remote access Trojan.
Active since at least 2014 but remaining unnoticed for over three years, KONNI has been used in highly targeted attacks only, including ones aimed at the United Nations, UNICEF, and entities linked to North Korea.
In an alert published on Friday, CISA warns of emails delivering Microsoft Word documents that contain malicious Visual Basic for Applications (VBA) macro code designed to fetch and install the KONNI malware.
CISA also explains that the information KONNI can collect from infected machines includes IP addresses, usernames, a list of running processes, and details on the operating system, connected drives, hostname, and computer name.
The agency has published a list of MITRE ATT&CK techniques associated with KONNI, as well as Snort signatures for defenders to use in detecting KONNI exploits.