KONNI RAT Malware is back, but this time with a more stealthy version.
Short News:-
A North Korean-affiliated cyberespionage group has resurfaced with a more stealthy version of its remote access trojan, dubbed Konni. A new feature of the backdoor is the use of AES encryption instead of Base64 encoding to protect its strings and hide their true intent.
Detailed News:-
A North Korean-affiliated cyberespionage group has resurfaced with a more stealthy version of its remote access trojan, dubbed Konni, to target Russian and South Korean political institutions.
Roberto Santos, a Malwarebytes researcher, said: "The authors are constantly making code improvements. As critical parts of the executable are now encrypted, their efforts are aimed at breaking the typical flow recorded by sandboxes and making detection harder."
The recent attacks, including a New Year's Eve compromise at Russia's Ministry of Foreign Affairs (MID), have been staged by a group thought to be operating under the Kimsuky umbrella.
Attacks of this type typically use Microsoft Office documents as the infection vector: once a document is opened, it triggers a multi-stage process that helps the attackers gain access, evade detection, and ultimately deploy a malicious payload on the compromised system.
A new feature of the backdoor is the use of AES encryption instead of Base64 encoding to protect its strings and hide their true intent. In addition, AES has been used to encrypt the various support files that were dropped to aid in the compromise.
By repurposing the same protection algorithm for these files, the operators produced a file layout identical to what is seen in raw memory once the strings have been protected.
These significant updates demonstrate how quickly sophisticated actors can evolve their tactics and techniques to produce something powerful and effective that can go undetected.