Konni RAT deployed via backdoored Russian government tool installer

North Korean threat actors under the Konni activity cluster, also known as TA406, Opal Sleet, and Osmium, have deployed the Konni RAT backdoor, also known as UpDog, against Russia by compromising an installer for software used by the Russian Ministry of Foreign Affairs for managing reports submitted to its Consular Department, reports The Hacker News. Opening the trojanized installer, which is in MSI format, would trigger an infection sequence that eventually launches Konni RAT, which had been used by North Korean threat groups Kimsuky and ScarCruft for command execution and file transfers, according to a report from DCSO.

Source: SC Magazine

 

