Konni Trojan used to Attack North Korean Targets

Security researchers, of late, identified several malware assaults believably aimed at North Korea, possibly as an act of vengeance following the country's latest experiments with advanced weapons, according to reports from Cyberscoop.

The experts detected dual sophisticated malware attacks targeting North Korean organizations, with the attacks apparently launched sometime following a successful test by the country of one ICBM (intercontinental ballistic missile) during latter part of June.

The researchers hitherto counted 3 different attacks during 2017 wherein attackers used Trojan Konni vis-à-vis North Korean targets. Darkreading.com posted this dated August 8, 2017.

July 2017 witnessed the latest attack immediately after the news about the government of North Korea effectively testing one Intercontinental Ballistic Missile that could apparently target American entities. In all, a minimum of 5 different Konni campaigns have been launched on targets inside the isolated nation during recent years.

Talos Intelligence the cyber-security company under the ownership of Cisco was first to detect one campaign employing the Konni Trojan aimed against North Korea dated 6th July, only following 3rd July when North Korea launched one missile test. According to Talos then, the campaign seemed to be directly associated with the test along with the subsequent dialogue about missile technology in North Korea.

On August 8, security researchers from Cylance the security company released one likewise report about Konni, based on the findings of Talos as also linking the latest surge of the malware with certain attack aimed at the reclusive dictatorial country. One kind of remote access trojan Konni's utilization so far has been more-or-less scarce, found within merely 5 campaigns during 2015-17, with 3 of them launched in 2017.

According to the Talos security group of Cisco, the Konni malicious program is fast evolving. Back during May, within its blog post Talos stated that after analyzing the decoy documents of Konni it could be said that the entities attacked chiefly comprised embassies and public organizations associated with North Korea.

Fresh variants too have been created that hunted files which earlier Konni variants generated hinting that attackers repeatedly employed the malware vis-à-vis the same entities, points out Talos.

» SPAMfighter News - 8/16/2017