AI/ML, Malware, Threat Intelligence

New AI-based malware harnessed by North Korean Konni hackers

North Korea digital technology flag cyber background. North Korean banner cyberattack and espionage concept illustration.

BleepingComputer reports that intrusions with an AI-generated PowerShell malware have been launched by North Korean hacking operation Konni, also known as TA406 and Opal Sleet, against blockchain developers and engineers across the Asia-Pacific.

Attackers sent targets a Discord-hosted link delivering a ZIP archive, which includes a PDF alongside a nefarious LNK file that executes a PowerShell loader that then facilitates DOCX document and CAB archive extraction, according to a report from Check Point analysts. Included within the CAB file are a pair of batch files that establish a backdoor staging directory and an hourly scheduled task, with the latter decrypting an XOR-encrypted PowerShell script.

Hardware, software, and user activity inspections are conducted by the PowerShell backdoor which featured structured documentation, a modular layout, and a comment indicating AI-assisted development before being executed, with the malware then removing User Account Control bypass artifacts, adding exclusions for Windows Defender, and elevating privileges.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds