Security News > 2022 > July > North Korean hackers attack EU targets with Konni RAT malware
Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries.
In this campaign, the hackers use malware known as Konni, a remote access trojan capable of establishing persistence and performing privilege escalation on the host.
Konni has been associated with North Korean cyberattacks since 2014, and most recently, it was seen in a spear-phishing campaign targeting the Russian Ministry of Foreign Affairs.
The attack begins with the arrival of a phishing email with an archive attachment containing a Word document and a Windows Shortcut file.
Extract state keys stored in the Local State file for cookie database decryption, useful in MFA bypassing.
In the fourth stage of the attack, as shown in the diagram below, the hackers download additional files that support the function of the modified Konni sample, fetching them as compressed ".
News URL
Related news
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)