A North Korean cyber-espionage group has targeted Russian embassy diplomats over the winter holidays with emails carrying New Year greetings in the hope of infecting them with malware. The attacks have been linked to a threat actor known as Konni and have been taking place since at least December 20, cybersecurity firm Cluster25 said in a report published on Monday.

“These emails used the New Year's Eve 2022 festivity as a decoy theme,” Cluster25 researchers said. “Contrary to its past actions, the North Korean APT group this time did not use malicious documents as attachments; instead, they attached a .zip file type named ‘поздравление.zip’, which means ‘congratulation’ in Russian, containing an embedded executable representing the first stage of the infection.”

According to Cluster25, the ZIP files contained a Windows screensaver (.scr) file that, when executed, installed a screensaver with Russian holiday greetings but also the Konni remote access trojan (RAT), the malware after which the group was named, which granted the attacker full control over the infected systems.
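The lure described above works because a .scr screensaver is an ordinary Windows PE executable with a harmless-looking extension, and archiving it in a ZIP keeps it out of the path of mail filters that only inspect document attachments. The following added example (written for this page, not code from Cluster25 or Binary Defense) shows the kind of attachment check a mail gateway or triage script can apply: open the archive without extracting it, flag members by executable extension, and confirm with the MZ header so a renamed binary is still caught. The archive and its contents are constructed inline; the member name mirrors the campaign's Russian file name, but the bytes are a stub, not a real executable.

```python
import io
import zipfile

# Extensions Windows runs as native code even when the icon looks harmless.
# .scr (screensaver) is a plain PE file and is the type used in the Konni lure.
EXECUTABLE_EXTENSIONS = {".scr", ".exe", ".com", ".pif", ".cpl", ".dll", ".msi"}
MZ_MAGIC = b"MZ"  # first two bytes of every PE/DOS executable


def scan_zip_attachment(zip_bytes: bytes) -> list:
    """Inspect a ZIP attachment in memory and return (member_name, reasons)
    for every member that looks like an executable.

    Two independent signals are checked so that neither a renamed binary
    (wrong extension, right header) nor a truncated/corrupt one (right
    extension, no header) slips through.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            name = info.filename.lower()
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append(f"executable extension {ext}")
            # Read only the first two bytes; no need to inflate the whole member.
            with zf.open(info) as fh:
                head = fh.read(2)
            if head == MZ_MAGIC:
                reasons.append("PE (MZ) header")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def should_quarantine(zip_bytes: bytes) -> bool:
    """Policy decision for a gateway: any executable member blocks the mail."""
    return len(scan_zip_attachment(zip_bytes)) > 0


def build_sample_zip() -> bytes:
    """Constructed sample attachment (not a real malware artefact): a fake
    .scr stub carrying an MZ header next to a benign text greeting."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("поздравление.scr", MZ_MAGIC + b"\x00" * 62 + b"constructed stub")
        zf.writestr("greeting.txt", "С Новым годом!".encode("utf-8"))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    for member, reasons in scan_zip_attachment(sample):
        print(f"{member}: {', '.join(reasons)}")
    print("quarantine:", should_quarantine(sample))
```

The check deliberately reads only the first two bytes of each member, so it is cheap enough to run on every inbound archive, and it never writes the payload to disk. In a real deployment the same logic would sit behind a size and nesting limit (archives inside archives) and be paired with blocking .scr and similar extensions at the mail gateway outright, since there is no legitimate reason for a greeting card to ship a screensaver binary.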
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense

Russia’s invasion of Ukraine increased