North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware

[LASER_oneXM]

Content source

https://thehackernews.com/2022/01/north-korean-hackers-return-with.html

A cyberespionage group with ties to North Korea has resurfaced with a stealthier variant of its remote access trojan called Konni to attack political institutions located in Russia and South Korea.

"The authors are constantly making code improvements," Malwarebytes researcher Roberto Santos said. "Their efforts are aimed at breaking the typical flow recorded by sandboxes and making detection harder, especially via regular signatures as critical parts of the executable are now encrypted."

Most recent intrusions staged by the group, believed to be operating under the Kimsuky umbrella, involved targeting the Russian Federation's Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows systems with malware.

 

[ForgottenSeer 69673]

Lazarus, a known cybercrime group with ties to the North Korean government, has managed to abuse the Windows Update Client to distribute malware, cybersecurity researchers from Malwarebytes have found.

Windows Update hijacked to infect PCs with malware