Threat Intelligence, Phishing

KakaoTalk weaponized in Konni spear-phishing campaign

North Korean advanced persistent threat group Konni, which is associated with Kimsuky and APT37, has exploited the widely used South Korean instant messaging app KakaoTalk to facilitate malware distribution and data theft as part of a spear-phishing campaign, United Press International reports.

Konni sent emails purporting to offer an appointment as a lecturer on North Korean human rights concerns, luring recipients into executing a malicious shortcut file that injected remote access malware into targeted computers, according to a report from the Genians Security Center. After obtaining internal files and other sensitive data, Konni hijacked the targets' KakaoTalk desktop sessions and spread the malicious files to their contact lists.

"This campaign is assessed as a multi-stage operation that extends beyond simple spear-phishing, combining long-term persistence, information theft, and account-based redistribution," the report said. The findings come months after Genians reported that Konni had launched spear-phishing intrusions that spoofed human rights and financial organizations.
