Security researchers at Malwarebytes Labs have uncovered an ongoing malware campaign that is mainly targeting Russia with the Konni RAT.
The KONNI RAT was first spotted by Cisco Talos researchers in 2017, it has been undetected since 2014 and was employed in highly targeted attacks. The RAT was able to avoid detection due to continuous evolution, it is able of executing arbitrary code on the target systems and stealing data.
Malwarebytes experts discovered two weaponized documents written in the Russian language, one using the trade and economic issues between Russia and the Korean Peninsula as a lure. The second document used a meeting of the intergovernmental Russian-Mongolian commission as a lure.
Malware researchers noticed multiple differences between this campaign and previous ones orchestrated by the North Korea-linked APT group, including:
Experts observed infections also in other countries, including Japan, Nepal, Mongolia, and Vietnam.
Additional details, including Indicators of Compromise (IoC), are reported in the analysis published by Malwarebytes.
(SecurityAffairs – hacking, Konni RAT)