Comparable tactics, techniques, and procedures have been leveraged by North Korean threat group Konni, which has been tied to Kimsuky, in its escalating cyberespionage operations against Russia and South Korea, according to The Record, a news site by cybersecurity firm Recorded Future.
Konni's intrusions against both countries begin with phishing emails that use finance, scholarship, and tax lures for initial access, followed by the delivery of a remote access trojan that gives the attackers full control of the compromised system, a report from South Korean cybersecurity firm Genians showed. After using executable files to inject malicious modules into compromised devices, Konni issues internal commands to establish a link between the infected device and its command-and-control server, Genians researchers reported. "Threat actors have been using similar patterns and attack scenarios for years. However, they are also combining anomalous attack tactics to increase their success rate," said researchers.