North Korean hackers attack EU targets with Konni RAT malware (Security News, July 2022)

Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries.
In this campaign, the hackers use malware known as Konni, a remote access trojan capable of establishing persistence and performing privilege escalation on the host.
Konni has been associated with North Korean cyberattacks since 2014, and most recently, it was seen in a spear-phishing campaign targeting the Russian Ministry of Foreign Affairs.
The attack begins with the arrival of a phishing email with an archive attachment containing a Word document and a Windows Shortcut file.
Extract state keys stored in the Local State file for cookie database decryption, useful in MFA bypassing.
In the fourth stage of the attack, as shown in the diagram below, the hackers download additional files that support the function of the modified Konni sample, fetching them as compressed ".