Konni APT
-
Konni uses compromised KakaoTalk desktops to spread EndRAT via spear-phishing
Konni used spear-phishing to install EndRAT and other RATs, then abused compromised KakaoTalk desktops to send malicious ZIP attachments to selected contacts, maintaining long-term persistence and stealing internal documents.
-
Konni uses AI-generated PowerShell malware to target blockchain developers
Konni used AI-generated PowerShell malware to target blockchain developers in Japan, Australia and India, using spear-phishing with LNK files and multi-stage loaders to deploy a persistent backdoor, according to a Check Point Research technical report.
-
North Korean-linked group used Google device service to wipe South Korean Android phones
South Korean researchers say the North Korean-linked KONNI group abused Google’s device-management features to remotely factory-reset Android phones, using stolen credentials harvested via phishing and RATs spread over KakaoTalk.
-
North Korean Konni APT Expands Phishing Attacks Targeting Ukraine
Konni APT, a North Korean threat actor, is reportedly conducting a phishing campaign aimed at Ukrainian government entities, signaling a strategic shift in its operations from Russia. The group aims to collect critical intelligence on the ongoing conflict, utilizing sophisticated phishing techniques and malware.



