Konni Malware Targets North Korea

It does not happen all that often that we see an instance of malware targeting North Korea specifically. After all, very little information is known about North Korea and no one wants to touch that powder keg if they can avoid it. Konni is a new type of malware targeting this country specifically, and its Remote Access Trojan has been used for over three years to steal data and profile North Korean organizations. Who is behind this attack and why are they doing this?

Konni Malware is Playing a Very Dangerous Game

Anyone who has remotely been paying attention to the news in recent months knows North Korea is an unstable nuclear power. No one knows for sure what the country’s objectives are or what type of harm they may possibly cause in the near future. The person responsible for deploying the Konni malware may know a lot more than the rest of the world. Deploying a remote access Trojan against such a dangerous nation could have all kinds of consequences.

Konni’s activity has transpired virtually unnoticed for nearly three years. It is possible Konni was deployed even earlier than that, since the investigation is still ongoing. This remote access Trojan is nothing sophisticated by any means, but it does its job fine and remained undiscovered until very recently. It is believed North Korean targets have suffered from attacks emanating from this malware at least three times in the year 2017 alone.

In fact, the most recent campaign involving Konni came on the heels of North Korea’s successful test of its missiles capable of reaching U.S. mainland targets. This does not necessarily mean the source of this malware is located in the United States, though. The malware has been on the radar of many different security research companies over the past few years. Such an illustrious project with no clear ties to any specific region understandably sparks a lot of speculation.

Konni may be linked to the DarkHotel campaign, which stole information from business travelers at luxury hotels back in 2014. Specific evidence indicates the authors of both types of malware may reside within either North or South Korea. Some experts believe Konni’s creator has ties to South Korea, although no tangible evidence has ever been provided to back up those claims.

The most disconcerting aspect of this RAT (remote access Trojan) is that it appears this malware is still evolving on a regular basis. Konni is a unique RAT in this regard, as it relies on evasive techniques, social engineering, and intelligence harvesting. It is mainly distributed through phishing emails and even comes with a decoy file to remove suspicion. Once installed, the malware runs in the background yet leaves no visual cues to users as to what is going on.

Over the course of the past three years, Konni has proven capable of deleting files, exfiltrating data, creating screenshots, uploading images to a central command & control server, and executing remote commands. Stating that this is a major threat would be a vast understatement. Despite these features, reverse engineering the RAT is still a trivial matter, as there does not appear to be any obfuscation whatsoever. Targeting North Korea is a gutsy move, but Konni seems to do the job just fine.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
