North Korean threat actors in the Konni activity cluster, also known as TA406, Opal Sleet, and Osmium, have deployed attacks with the Konni RAT backdoor, also known as UpDog, against Russia through the compromise of an installer for software that the Russian Ministry of Foreign Affairs uses to manage reports submitted to its Consular Department, reports The Hacker News.
Opening the trojanized installer, which is in MSI format, would trigger an infection sequence that eventually launches Konni RAT, which had been used by North Korean threat groups Kimsuky and ScarCruft for command execution and file transfers, according to a report from DCSO. "To some extent, this should not come as a surprise; increasing strategic proximity would not be expected to fully overwrite extant DPRK collection needs, with an ongoing need on the part of the DPRK to be able to assess and verify Russian foreign policy planning and objectives," said DCSO researchers.