North Korea-linked APT group Konni targets Russian Federation’s Ministry of Foreign Affairs
Credit: Security Affairs
Security researchers at Cluster25 uncovered a recent campaign by the North Korea-linked Konni APT group that targeted Russian diplomatic entities and used new versions of malware implants.
The APT group carried out spear-phishing attacks using New Year’s Eve festivities as a lure. Opening the malicious email attachment starts a multi-stage attack chain whose final payload is a new version of the Konni RAT family.
“The malicious activity starts from an email containing a malicious zip file, which once decompressed drops a malicious downloader able to activate a complex chain of actions finalized to deploy Konni RAT malware, named scrnsvc.dll, as Windows service,” reads the report published by Cluster25.