APT Group - Konni Launches New Attacks on South Korea
Overview
The Konni group, reportedly backed by a specific government, has been active since 2014 and conducts targeted attacks against regions such as Russia and South Korea. The group is adept at exploiting topical social issues in spear-phishing attacks on its targets.
Recently, ThreatBook’s threat hunting system captured multiple Konni attacks on South Korea, revealing the following:
- From mid-April to early July 2024, the Konni group launched attacks on South Korea’s RTP engineering department and personnel involved in tax and North Korea market analysis. The group used malicious samples with Korean themes such as “meeting materials,” “tax evasion,” and “market prices” in these attacks.
- The Konni group used automated tools to mass-produce malicious samples, all of which were generated at the same moment, 11:39:35 on December 25, 2023, but were delivered at different times in 2024. It is speculated that a script tool was used to generate malicious samples based …
IoC