24 matches found
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim's KakaoTalk desktop application to distribute malicious payloads to certain contacts. The activity has been attributed by South Korean threat intelligence firm Genians to a hacking...
Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers
The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary'...
Hackers Use KakaoTalk and Google Find Hub in Android Spyware Attack
North Korea-linked KONNI hackers used KakaoTalk and Google Find Hub to spy on victims and remotely wipe Android devices in a targeted phishing campaign...
Konni Hackers Turn Google's Find Hub into a Remote Data-Wiping Weapon
The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and Windows devices for data theft and remote control. "Attackers impersonated psychological counselors and North Korean...
North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress
The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor's targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on th...
South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware
An unnamed South Korean enterprise resource planning (ERP) vendor's product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor. The AhnLab Security Intelligence Center (ASEC), which identified the attack in May 2024, did not attribute it to a known threat act...
Russian Ministry Software Backdoored with North Korean KONNI Malware
By Waqas. Friend or Foe? This is a post from HackRead.com. Read the original post: Russian Ministry Software Backdoored with North Korean KONNI Malware...
Russian Government Software Backdoored to Deploy Konni RAT Malware
An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote access trojan called Konni RAT (aka UpDog). The findings come from German cybersecurity company DCSO, which linked the activity as originating from t...
Dissemination of the Konni Campaign Through Malicious Documents
Summary: The Konni campaign has resurfaced in a new phishing attack employing a Russian-language Microsoft Word document to distribute malware. The malicious software aims to harvest sensitive information from compromised Windows hosts. Threat Level - Red | Attack Report For a detailed threat...
Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks
A new phishing attack has been observed leveraging a Russian-language Microsoft Word document to deliver malware capable of harvesting sensitive information from compromised Windows hosts. The activity has been attributed to a threat actor called Konni, which is assessed to share overlaps with a...
Konni RAT Exploiting Word Docs to Steal Data from Windows
By Deeba Ahmed. Konni RAT is back! This is a post from HackRead.com. Read the original post: Konni RAT Exploiting Word Docs to Steal Data from Windows...
Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers
Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews. "Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U....
APT37 employs Konni malware to target high-level organizations
Threat Level Actor Report. Summary: The Konni remote access trojan, which is malware widely used by APT37, is used in the attack campaign to take advantage of high-value targets from countries like the Czech Republic, Poland, and many others...
North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware
A cyberespionage group with ties to North Korea has resurfaced with a stealthier variant of its remote access trojan called Konni to attack political institutions located in Russia and South Korea. "The authors are constantly making code improvements," Malwarebytes researcher Roberto Santos said...
KONNI evolves into stealthier RAT
This blog post was authored by Roberto Santos. KONNI is a Remote Administration Tool that has been used for at least 8 years. The North Korean threat actor that is using this piece of malware has been identified under the Kimsuky umbrella. This group has been very busy, attacking political...
North Korean Hackers Start New Year with Attacks on Russian Foreign Ministry
A North Korean cyberespionage group named Konni has been linked to a series of targeted attacks aimed at the Russian Federation's Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows systems with malware. "This activity cluster demonstrates the patient and persistent nature o...
North Korean Hackers Found Behind a Range of Credential Theft Campaigns
A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering. Enterpris...
Konni RAT variant targeting Russia in ongoing attack campaign
By Waqas. So far, Konni RAT has managed to evade detection as only 3 security solutions on VirusTotal were able to detect the malware. This is a post from HackRead.com. Read the original post: Konni RAT variant targeting Russia in ongoing attack campaign...
New variant of Konni malware used in campaign targetting Russia
This blog post was authored by Hossein Jazi. In late July 2021, we identified an ongoing spear phishing campaign pushing Konni RAT to target Russia. Konni was first observed in the wild in 2014 and has been potentially linked to the North Korean APT group named APT37. We discovered two documents...
Phishing Emails Used to Deploy KONNI Malware
Summary: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA) has observed cyber actors using emails containi...