Malware: Eyes On North Korea

Uploaded on 2017-05-10 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW, TECHNOLOGY--Hackers

A previously unknown RAT (Remote Administration Tool) has been uncovered after evading detection by the security community for more than three years. Lately, its targets are associated with North Korean affairs. 

Cisco Talos, which discovered the malware, has named it KONNI. It allows the operator to steal files, keystrokes, perform screenshots and execute arbitrary code on the infected host. The last two campaigns by KONNI suggests that the targets are public organisations. 

The investigation revealed targeted email addresses, phone numbers and contacts of members of official organisations such as United Nations, UNICEF and embassies linked to North Korea.

The actor has used social engineering and an email attachment for the entire three years being active, over the course of four campaigns, though the functionality of KONNI has evolved from simply being an information stealer without remote administration to what it is today. 

Talos noted that the different versions contain copy/pasted code from previous versions, and, the new version searches for files generated by previous versions, meaning the malware has been used several times against the same targets.

The last campaign was started recently and is still active, and the infrastructure remains up and running.

“The RAT has remained under the radar for multiple years. An explanation could be the fact that the campaign was very limited nature, which does not arouse suspicion,” Cisco said in an analysis. “This investigation shows that the author has evolved technically (by implementing new features) and in the quality of the decoy documents. 

“The campaign of April 2017 used pertinent documents containing potentially sensitive data. More-over the metadata of the Office document contains the names of people who seems to work for a public organisation. We don't know if the document is a legitimate compromised document or a fake that the attacker has created in an effort to be credible.”

Researchers added, “Clearly the author has a real interest in North Korea, with three of the four campaigns are linked to North Korea.”

Infosecurity

You Might Also Read:

US vs. North Korea Cyberwar Underway:

Cyber Attacks Against Korean Missile Launches:

Surprise: N Korea Hacked S Korea Cyber Command:

 

 

« Thieves Drain Protected Bank Accounts
The Cybersecurity Threats That Keep Banks Alert »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

AvePoint

AvePoint

AvePoint is an established leader in enterprise-class data management, governance, and compliance software solutions.

Cyber Security Specialists

Cyber Security Specialists

Cyber Security Specialists Limited provide Security services across a wide range of markets, from multi-national Corporate Organisations and Government Agencies, through to smaller Businesses.

Montimage

Montimage

Montimage develops tools for testing and monitoring networks, applications and services; in particular, for the verification of functional, performance (QoS/QoE) and security aspects.

Emirates International Accreditation Center (EIAC)

Emirates International Accreditation Center (EIAC)

EIACI is the national accreditation body for the United Arab Emirates. The directory of members provides details of organisations offering certification services for ISO 27001.

ProSearch Partners

ProSearch Partners

ProSearch Partners are national talent acquisition specialists exclusively focussing on Technology and Digital talent including Cybersecurity, Data Analytics and Execs.

Dataprovider.com

Dataprovider.com

Our Brand Protection Suite gives you the tools to discover trademark infringement on the Internet, such as websites selling counterfeit products, even when this is not immediately noticeable.

Infosec Cloud

Infosec Cloud

Infosec Cloud is a specialist Cyber Security company offering fully managed Training & Testing Services in addition to market leading Cyber Security technology and accredited professional services.

Start Left® Security

Start Left® Security

Great security culture doesn't just happen; you ENGINEER it.

Contextual Security Solutions

Contextual Security Solutions

Contextual Security Solutions is a leading provider of penetration testing services and IT security & compliance audits.

LoughTec

LoughTec

LoughTec secure, manage and connect IT infrastructure for businesses and organisations throughout the UK and Republic of Ireland.

PolySwarm

PolySwarm

PolySwarm is a crowdsourced threat intelligence marketplace that provides a more effective way to detect, analyze and respond to the latest threats.

NETAND

NETAND

NETAND privileged access and identity management solutions will secure your business from cyber threats.

Daisy Corporate Services

Daisy Corporate Services

Daisy is one of the largest providers of communications and IT solutions across the UK, with a portfolio spanning unified communications, cloud, cyber security and resilience.

Amyna Systems

Amyna Systems

Amyna has developed an IoT cybersecurity platform that prevents malignant attacks, helping users to protect themselves from cyberattacks.

Cyber Defense International (CDI)

Cyber Defense International (CDI)

At CDI, we utilize decades of experience in designing and building large-scale cybersecurity programs, creating tailored solutions and services that protect businesses from cyber threats.

Krash Consulting

Krash Consulting

Krash Consulting is a premier provider of Cyber Security solutions, offering a range of services to safeguard businesses against cyber-attacks, minimize fraud, and protect brand reputation globally.