North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware

January 28, 2022

A cyberespionage group with ties to North Korea has resurfaced with a stealthier variant of its remote access trojan called Konni to attack political institutions located in Russia and South Korea.

“The authors are regularly producing code improvements,” Malwarebytes researcher Roberto Santos said. “Their endeavours are aimed at breaking the regular move recorded by sandboxes and making detection harder, especially through typical signatures, as critical areas of the executable are now encrypted.”

The most recent intrusions staged by the group, thought to be operating under the Kimsuky umbrella, involved targeting the Russian Federation’s Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows systems with malware.

The infections, as with other attacks of this kind, start with a malicious Microsoft Office document that, when opened, initiates a multi-stage process involving various moving parts that help the attackers elevate privileges, evade detection, and ultimately deploy the Konni RAT payload on compromised systems.

A new addition to the backdoor’s existing capabilities is the transition from Base64 encoding to AES encryption to protect its strings and obfuscate their true purpose. On top of that, the various support files dropped to aid the compromise are also now encrypted using AES.

“Cleverly, they reused the algorithm employed for string protection, making the file layout similar to the protected strings layout, as they appear in raw memory,” Santos detailed.

The substantial updates are an example of how swiftly sophisticated actors can evolve their tactics and techniques to create something strong and effective that can get past security and detection layers.

Some sections of this article are sourced from:
thehackernews.com
