Konni APT exploits WinRAR vulnerability (CVE-2023-38831) targeting the cryptocurrency industry

2023-09-18, Knownsec
https://paper.seebug.org/3033/
#Konni #CVE-2023-38831

Author: Nan&XWS@Knownsec 404 Advanced Threat Intelligence team
Chinese version: https://paper.seebug.org/3032/
1. Attack Activity Overview
In a recent research report from the Knownsec 404 Advanced Threat Intelligence team, titled "Analysis of the recent offensive operations conducted by North Korean APT groups", the recent attacks by the APT37 and Konni groups against South Korea were discussed. The tactics, techniques, and procedures (TTPs) used by the Konni group in those attacks leaned towards the methods it habitually uses against South Korean targets. During our hunting process, we also observed adjustments in the TTPs used by Konni when targeting areas outside of South Korea.
It is well known that North Korean APT groups have long considered the cryptocurrency industry a target for their attacks. However, North Korean attacks on cryptocurrency and financial industries have usually been attributed to the Lazarus group. This recent wave of attacks is noteworthy for revealing that, apart from the Lazarus Group, there are other North Korean-affiliated entities engaging in targeted …

IoC

1536e9bf086982c072c2cba7d42b0a62
http://e9f0dkd.c1.biz
http://ske9dhn.c1.biz