Malware: Eyes On North Korea

Uploaded on 2017-05-10 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW, TECHNOLOGY--Hackers

A previously unknown RAT (Remote Administration Tool) has been uncovered after evading detection by the security community for more than three years. Lately, its targets are associated with North Korean affairs. 

Cisco Talos, which discovered the malware, has named it KONNI. It allows the operator to steal files, keystrokes, perform screenshots and execute arbitrary code on the infected host. The last two campaigns by KONNI suggests that the targets are public organisations. 

The investigation revealed targeted email addresses, phone numbers and contacts of members of official organisations such as United Nations, UNICEF and embassies linked to North Korea.

The actor has used social engineering and an email attachment for the entire three years being active, over the course of four campaigns, though the functionality of KONNI has evolved from simply being an information stealer without remote administration to what it is today. 

Talos noted that the different versions contain copy/pasted code from previous versions, and, the new version searches for files generated by previous versions, meaning the malware has been used several times against the same targets.

The last campaign was started recently and is still active, and the infrastructure remains up and running.

“The RAT has remained under the radar for multiple years. An explanation could be the fact that the campaign was very limited nature, which does not arouse suspicion,” Cisco said in an analysis. “This investigation shows that the author has evolved technically (by implementing new features) and in the quality of the decoy documents. 

“The campaign of April 2017 used pertinent documents containing potentially sensitive data. More-over the metadata of the Office document contains the names of people who seems to work for a public organisation. We don't know if the document is a legitimate compromised document or a fake that the attacker has created in an effort to be credible.”

Researchers added, “Clearly the author has a real interest in North Korea, with three of the four campaigns are linked to North Korea.”

Infosecurity

You Might Also Read:

US vs. North Korea Cyberwar Underway:

Cyber Attacks Against Korean Missile Launches:

Surprise: N Korea Hacked S Korea Cyber Command:

 

 

« Thieves Drain Protected Bank Accounts
The Cybersecurity Threats That Keep Banks Alert »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CyRise

CyRise

CyRise is a venture accelerator focused squarely on early stage cyber security startups.

CTERA Networks

CTERA Networks

CTERA provides cloud storage solutions that enable service providers and enterprises to launch managed storage, backup, file sharing and mobile collaboration services using a single platform.

Netsafe

Netsafe

Netsafe is an independent, non-profit New Zealand organisation focused on online safety. We help people stay safe online by providing online safety education, advice and support.

Zen360Consult

Zen360Consult

Zen360Consult provides Advisory and Training services in the field of Cyber Resilience, which includes Cyber Security /ISMS and Business Continuity.

ShieldIOT

ShieldIOT

ShieldIOT delivers a complete AI-powered security solution across any IoT device, application and network.

Open Connectivity Foundation (OCF)

Open Connectivity Foundation (OCF)

OCF is dedicated to ensuring secure interoperability ensuring secure interoperability of IoT for consumers, businesses and industries.

Abnormal Security

Abnormal Security

Abnormal is an API-based email security platform providing protection against the entire spectrum of targeted email attacks.

Blue Hexagon

Blue Hexagon

Blue Hexagon is a deep learning innovator focused on protecting organizations from cyberthreats.

Cyber Defence Solutions (CDS)

Cyber Defence Solutions (CDS)

Cyber Defence Solutions is a cyber and privacy Consultancy with extensive experience in the development and implementation of cyber and data security solutions to your assets.

Cyber Coaching

Cyber Coaching

Cyber Coaching is a community for enhancing technical cyber skills, through unofficial certification training, cyber mentorship, and personalised occupational transition programs.

Core to Cloud

Core to Cloud

Core to Cloud provide consultancy and technical support for the planning and implementation of sustainable security strategies.

Valeo Networks

Valeo Networks

Valeo Networks is a full-service Managed Security Service Provider (MSSP). We partner with organizations to remove the burden of technology so that they can focus on growing their business.

Antivirus Tales

Antivirus Tales

Antivirus Tales offers a platform to resolve all types of antivirus-related issues. The platform also provide various blog articles and informative guides to fix antivirus software errors.

Camelot Secure

Camelot Secure

Camelot Secure Secure360 platform is a holistic redefinition of what world-class cybersecurity strategies can be. Prepare. Protect. Deploy.

Codenotary

Codenotary

Codenotary provide a comprehensive suite of verification and enforcement services to guarantee the integrity of your software throughout its entire lifecycle.

PureID

PureID

Protect your enterprise with PureAUTH #IAMFirewall, Resilient SSO platform, purpose built to provide Passwordless Authentication & Zero Trust Access, by default.