Konni RAT was first detected in 2014. Its distribution phase begins with phishing campaigns that deliver Microsoft Office documents containing embedded malicious macros, which the user must enable. Unfortunately, a cyber-espionage group with links to North Korea has re-emerged with a stealthier variant of Konni to attack political institutions located in Russia and South Korea.

The most recent intrusions staged by the group, which is believed to operate under Kimsuky, targeted the Russian Federation's Ministry of Foreign Affairs (MID) with New Year's lures in order to compromise Windows systems with malware.

As with other such attacks, infections begin with a malicious Microsoft Office document which, when opened, initiates a multi-stage process with multiple moving parts that help the attackers elevate privileges, evade detection and ultimately deploy the Konni RAT payload on compromised systems.

A new addition to the backdoor's existing capabilities is the switch from Base64 encoding to AES encryption to protect its strings and obfuscate their true purpose. On top of that, the various support files dropped to facilitate the compromise are now also AES-encrypted.

Updates to threats like this show how quickly actors can evolve their tactics and techniques into something powerful and effective that gets past layers of security and detection, which is why staying grounded and level-headed is essential to avoid this kind of problem.
