BleepingComputer reports that intrusions with an AI-generated PowerShell malware have been launched by North Korean hacking operation Konni, also known as TA406 and Opal Sleet, against blockchain developers and engineers across the Asia-Pacific.Attackers sent targets a Discord-hosted link delivering a ZIP archive, which includes a PDF alongside a nefarious LNK file that executes a PowerShell loader that then facilitates DOCX document and CAB archive extraction, according to a report from Check Point analysts. Included within the CAB file are a pair of batch files that establish a backdoor staging directory and an hourly scheduled task, with the latter decrypting an XOR-encrypted PowerShell script.Hardware, software, and user activity inspections are conducted by the PowerShell backdoor which featured structured documentation, a modular layout, and a comment indicating AI-assisted development before being executed, with the malware then removing User Account Control bypass artifacts, adding exclusions for Windows Defender, and elevating privileges.
AI/ML, Malware, Threat Intelligence
New AI-based malware harnessed by North Korean Konni hackers

(Adobe Stock)
An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



