GET A CONSULTATION

By Cluster25 Threat Intel Team
January 3, 2022

konni-Jul-15-2022-01-47-47-70-AM

Cluster25 analyzed a recent attack linked to the North Korean APT group “Konni” targeting Russian diplomatic sector using a spear phishing theme for New Year’s Eve festivities as lure.

Once the malicious email attachment is opened and executed, a chain composed by multiple stages is triggered, allowing actor to install an implant belonging to the Konni RAT family as final payload.

Download Now »

Malware, Intelligence
Like it? Share it:

You may also like

2021 Ransomware Bulletin: Recent, Past and Near Future of Cyber Extortion
2021 Ransomware Bulletin: Recent, Past and Near Future of Cyber Extortion
January 12, 2022

This past year 2021 was characterized by an increase in ransomware incidents, not only in regards to occurrence but also...

Read this article

A not so Fancy game. Exploring the new “SkinnyBoy” Bear’s backdoor
A not so Fancy game. Exploring the new “SkinnyBoy” Bear’s backdoor
June 3, 2021

This paper presents an analysis of a new and never publicly reported malware internally dubbed as SkinnyBoy. Based on lo...

Read this article

The strange link between a destructive malware and a ransomware-gang linked custom loader: IsaacWiper vs Vatet
The strange link between a destructive malware and a ransomware-gang linked custom loader: IsaacWiper vs Vatet
May 3, 2022

NOTICE: After additional reviews, the team at Cluster25 has determined that the code commonality identified in the two a...

Read this article