
The Cyber Security News


North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware

January 28, 2022

A cyberespionage group with ties to North Korea has resurfaced with a stealthier variant of its remote access trojan called Konni to attack political institutions located in Russia and South Korea.

“The authors are regularly producing code improvements,” Malwarebytes researcher Roberto Santos said. “Their endeavours are aimed at breaking the regular move recorded by sandboxes and making detection harder, especially through typical signatures as critical areas of the executable are now encrypted.”

The most recent intrusions staged by the group, believed to be operating under the Kimsuky umbrella, involved targeting the Russian Federation’s Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows systems with malware.

The infections, as with other attacks of this kind, start with a malicious Microsoft Office document that, when opened, initiates a multi-stage procedure involving various moving parts that help the attackers elevate privileges, evade detection, and ultimately deploy the Konni RAT payload on compromised systems.


A new addition to the backdoor’s existing capabilities is the transition from Base64 encoding to AES encryption to protect its strings and obfuscate their true purpose. On top of that, the various supporting files dropped to aid the compromise are also now encrypted using AES.

“Cleverly, they reused the algorithm employed for string protection, making the file layout similar to the protected strings layout, as they appear in raw memory,” Santos detailed.

The substantial updates are an example of how swiftly sophisticated actors can evolve their tactics and techniques to create something potent and effective that can get past security and detection layers.

Some sections of this article are sourced from:
thehackernews.com
