Analysis of the Spear-Phishing and KakaoTalk-Linked Threat Campaign by the Konni Group
Contents
◈ Key Findings
- Initial access was achieved through a spear-phishing email disguised as a notice appointing the recipient as a North Korean human rights lecturer.
- After the spear-phishing attack succeeded, the victim executed a malicious LNK file, resulting in infection with remote access malware.
- The malware remained concealed and persistent on the victim’s endpoint for an extended period, stealing internal documents and sensitive information.
- After gaining unauthorized access to the victim’s KakaoTalk PC application, the threat actor selectively chose contacts from the friend list for secondary distribution of the malicious file.
- The threat actor used North Korea-related lure content to deceive recipients and leveraged victims as channels for further distribution.
- This incident highlighted the need for an EDR-centered response framework to support behavior-based threat detection.
1. Overview
Genians Security Center conducted an in-depth analysis of a malware distribution campaign by the Konni APT group that used North Korea-themed content as a lure.
The …
IoC
http://178.16.54.208
http://185.21.14.249
http://157.180.88.26
http://drfeysal.com
http://96.62.214.5
178.16.54.208
96.62.214.5
185.21.14.249
157.180.88.26
61f65bd593ea0e52ac0dfdc6bc9cd73a
3288c284561055044c489567fd630ac2
7dc50e8af0070e544bff5299405cd3b9
01022facb38cf60b052e65a682f4a127
148405ff05bf15a6a053e4e7c1795d40
461ade40b800ae80a40985594e1ac236
2e1b0ac49313873a0e0b982c591a5264
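The IoC list above mixes URLs, bare IPv4 addresses, a domain and MD5 hashes on one flat list. The following script is an added example, not code from Genians or from the report: it classifies the published indicators by type, folds the hosts of the URL indicators into the IP/domain sets, and then matches whole tokens of proxy, firewall and EDR log lines against them. The log lines are constructed for the example; the indicator values are copied verbatim from the IoC section. Matching on whole tokens (with the port stripped from host:port fields) avoids the classic false positive where `178.16.54.2` would hit on `178.16.54.208` with a plain substring search.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Indicators exactly as listed in the report's IoC section.
REPORT_IOCS = """
http://178.16.54.208
http://185.21.14.249
http://157.180.88.26
http://drfeysal.com
http://96.62.214.5
178.16.54.208
96.62.214.5
185.21.14.249
157.180.88.26
61f65bd593ea0e52ac0dfdc6bc9cd73a
3288c284561055044c489567fd630ac2
7dc50e8af0070e544bff5299405cd3b9
01022facb38cf60b052e65a682f4a127
148405ff05bf15a6a053e4e7c1795d40
461ade40b800ae80a40985594e1ac236
2e1b0ac49313873a0e0b982c591a5264
"""

IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]+\.)+[a-z]{2,}$")
# Log tokens: anything that can be part of a URL, host:port, hash or path.
TOKEN_RE = re.compile(r"[A-Za-z0-9.:/_-]+")


def classify(indicator):
    """Return 'url', 'ipv4', 'md5', 'domain', 'unknown', or None for blank input."""
    s = indicator.strip().lower()
    if not s:
        return None
    if "://" in s:
        return "url"
    if IPV4_RE.match(s) and all(0 <= int(o) <= 255 for o in s.split(".")):
        return "ipv4"
    if MD5_RE.match(s):
        return "md5"
    if DOMAIN_RE.match(s):
        return "domain"
    return "unknown"


def parse_iocs(text):
    """Group indicators by type, deduplicated, in first-seen order.
    The host of every URL indicator is added as its own ipv4/domain
    indicator so a bare host in a DNS or firewall log still matches."""
    groups = defaultdict(list)

    def add(kind, value):
        if value not in groups[kind]:
            groups[kind].append(value)

    for line in text.splitlines():
        kind = classify(line)
        if kind is None:
            continue
        value = line.strip().lower()
        add(kind, value)
        if kind == "url":
            host = urlparse(value).hostname
            if host:
                add(classify(host), host)
    return dict(groups)


def _candidates(tok):
    """Forms of one log token worth looking up: the token itself, the host of
    a URL token, and the host part of a host:port token."""
    tok = tok.strip(".:/")
    cands = {tok}
    if "://" in tok:
        host = urlparse(tok).hostname
        if host:
            cands.add(host)
    elif tok.count(":") == 1:
        cands.add(tok.rsplit(":", 1)[0])
    return cands


def scan_log(lines, iocs):
    """Return (line_number, indicator_type, indicator) for every whole-token hit."""
    lookup = {v: kind for kind, values in iocs.items() for v in values}
    hits = []
    for n, line in enumerate(lines, 1):
        seen = set()
        for tok in TOKEN_RE.findall(line.lower()):
            for cand in _candidates(tok):
                if cand in lookup and cand not in seen:
                    seen.add(cand)
                    hits.append((n, lookup[cand], cand))
    return hits


# Constructed log lines for the example (not from the report). Line 3 is a
# near-miss IP that a substring search would wrongly flag.
SAMPLE_LOG = [
    "2025-10-02T10:11:12Z proxy host=ws-17 url=http://drfeysal.com/update.php status=200",
    "2025-10-02T10:11:40Z fw host=ws-17 dst=178.16.54.208:443 action=allow",
    "2025-10-02T10:12:05Z fw host=ws-03 dst=178.16.54.2:443 action=allow",
    "2025-10-02T10:15:00Z edr host=ws-17 file=C:\\Temp\\x.dat md5=61F65BD593EA0E52AC0DFDC6BC9CD73A",
]

if __name__ == "__main__":
    iocs = parse_iocs(REPORT_IOCS)
    for kind, values in iocs.items():
        print(f"{kind}: {len(values)} indicator(s)")
    for hit in scan_log(SAMPLE_LOG, iocs):
        print("HIT line %d [%s] %s" % hit)
```

Feeding real logs through `scan_log` is a matter of replacing `SAMPLE_LOG` with the lines read from a file; the lookup table is a plain dict, so it scales to thousands of indicators without changing the matching logic.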