Malware: Eyes On North Korea

A previously unknown RAT (Remote Administration Tool) has been uncovered after evading detection by the security community for more than three years. Lately, its targets are associated with North Korean affairs. 

Cisco Talos, which discovered the malware, has named it KONNI. It allows the operator to steal files, capture keystrokes, take screenshots and execute arbitrary code on the infected host. The last two KONNI campaigns suggest that the targets are public organisations.

The investigation revealed targeted email addresses, phone numbers and contacts of members of official organisations such as the United Nations, UNICEF and embassies linked to North Korea.

The actor has relied on social engineering and an email attachment throughout its three years of activity, over the course of four campaigns, though KONNI has evolved from a simple information stealer without remote administration into what it is today.

Talos noted that the different versions contain code copied and pasted from previous versions, and that the new version searches for files generated by previous versions, meaning the malware has been used several times against the same targets.

The last campaign was started recently and is still active, and the infrastructure remains up and running.

“The RAT has remained under the radar for multiple years. An explanation could be the fact that the campaign was very limited in nature, which does not arouse suspicion,” Cisco said in an analysis. “This investigation shows that the author has evolved technically (by implementing new features) and in the quality of the decoy documents.

“The campaign of April 2017 used pertinent documents containing potentially sensitive data. Moreover, the metadata of the Office document contains the names of people who seem to work for a public organisation. We don't know if the document is a legitimate compromised document or a fake that the attacker has created in an effort to be credible.”

Researchers added, “Clearly the author has a real interest in North Korea, with three of the four campaigns linked to North Korea.”

Infosecurity
