KONNI Malware

Pierluigi Paganini January 24, 2020
NK CARROTBALL dropper used in attacks on U.S. Govn Agency

A US Government agency was hit with a phishing attack attempting to deliver a new malware dropper dubbed CARROTBALL. Security experts at Palo Alto Networks have uncovered a new malware dropper called CARROTBALL that was used in targeted attacks against a U.S. government agency and non-US foreign nationals. Experts attribute the attack to the Konni […]

Pierluigi Paganini October 03, 2018
Researchers associated the recently discovered NOKKI Malware to North Korean APT

Security experts from Palo Alto Networks have collected evidence that links the recently discovered NOKKI malware to North Korea-Linked APT. Researchers from Palo Alto Networks have spotted a new variant of the KONNI malware, tracked as NOKKI. that was attributed to North Korea-linked attackers. NOKKI borrows the code from the KONNI malware, the latter is a remote access Trojan […]

Pierluigi Paganini August 10, 2017
Experts found a link between the KONNI attacks and DarkHotel campaigns against NK

Experts at Cylance noticed that the decoy document used in KONNI attacks is similar to the one used in recent campaigns of the DarkHotel APT. In May, Cisco Talos team discovered a RAT dubbed KONNI malware that targets organizations linked to North Korea. The malware, dubbed by researchers “KONNI,” was undetected for more than 3 years and was used […]

Pierluigi Paganini May 05, 2017
Threat actors leverage the KONNI Malware to target organizations linked to North Korea

Cisco Talos team discovered a RAT dubbed KONNI malware that target organizations linked to North Korea. Here you are an analysis of its evolution. Security researchers at Cisco Talos team have discovered a remote access Trojan (RAT) that target organizations linked to North Korea. The malware, dubbed by researchers “KONNI,” was undetected for more than 3 years and […]