North Korean hackers attack EU targets with Konni RAT malware (Security News, July 2022)

Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries.
In this campaign, the hackers use malware known as Konni, a remote access trojan capable of establishing persistence and performing privilege escalation on the host.
Konni has been associated with North Korean cyberattacks since 2014, and most recently, it was seen in a spear-phishing campaign targeting the Russian Ministry of Foreign Affairs.
The attack begins with the arrival of a phishing email with an archive attachment containing a Word document and a Windows Shortcut file.
Extract state keys stored in the Local State file for cookie database decryption, useful in MFA bypassing.
In the fourth stage of the attack, as shown in the diagram below, the hackers download additional files that support the function of the modified Konni sample, fetching them as compressed ".