lazarusholic

Everyday is lazarus.dayβ

KONNI Adopts AI to Generate PowerShell Backdoors

2026-01-22, Checkpoint
https://research.checkpoint.com/2026/konni-targets-developers-with-ai-malware/
#Konni #LNK

Contents

Check Point Research (CPR) identified an ongoing phishing campaign that we associate with KONNI, a North Korean–linked threat actor active since at least 2014. KONNI is best known for targeting organizations and individuals in South Korea, with a focus on diplomatic channels, international relations, NGOs, academia, and government. The group typically relies on spear-phishing that delivers weaponized documents themed around geopolitical issues and activity on the Korean Peninsula.
In this publication, we describe a recent KONNI operation aimed at software developers and engineering teams. The attackers use lure content designed to look like legitimate project documentation, often tied to blockchain and crypto initiatives. This targeting suggests an intent to compromise targets with access to blockchain-related resources and infrastructure.
While the delivery and staging steps align with KONNI’s established tradecraft, the campaign shows signs of broader targeting across the APAC region, extending beyond the group’s usual focus areas. Another notable aspect of the …

IoC