Konni, known as a North Korean-linked hacking organization, is launching a multi-level attack linkin..


E-mail penetration → KakaoTalk proliferation

A case of distributing files planted with malicious codes through KakaoTalk. [Genius]

Konni, known as a North Korean-linked hacking organization, is carrying out a multi-stage attack that links spear-phishing e-mails and KakaoTalk, which calls for special attention.

Spear phishing, as used here, means disguising a message as a normal e-mail, planting malicious code on the user's PC to infect it, and then distributing malicious code again to the victim's contacts.

According to a threat intelligence analysis report released by cybersecurity company Genius Security Center on the 16th, the Konni group has recently launched this type of advanced persistent threat (APT) attack.

The attack begins with a spear-phishing e-mail disguised as a ‘guidance to appoint a North Korean human rights instructor’.

The attacker places a malicious shortcut (LNK) file inside a compressed file attached to the e-mail and prompts the user to execute it. As soon as the user double-clicks the LNK file to open what appears to be a document, a malicious script hidden inside it is executed, infecting the PC.
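For mail-gateway or triage use, the delivery step described above can be checked by looking for shortcut files inside compressed attachments. The following is an added example, not code from the report or the article: it identifies Windows shortcuts by their Shell Link header as well as by extension, including inside nested ZIP files. The file names, the depth and size limits, and the in-memory sample are constructed for illustration.

```python
import io
import zipfile

# Shell Link header: HeaderSize 0x0000004C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 (MS-SHLLINK, section 2.1).
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
MAX_DEPTH = 3                  # assumed limit on nested archives
MAX_NESTED = 10 * 1024 * 1024  # assumed size limit for a nested archive

def find_shortcuts(data, prefix="", depth=0):
    """Return sorted (path, reason) findings for shortcut files in a ZIP blob."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            name = info.filename.lower()
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
                if head == LNK_MAGIC:
                    # A shortcut whose name hides the .lnk extension is flagged too
                    reason = "lnk" if name.endswith(".lnk") else "lnk-header-renamed"
                    findings.append((path, reason))
                elif name.endswith(".lnk"):
                    findings.append((path, "lnk-extension-only"))
                elif (head[:4] == b"PK\x03\x04" and depth < MAX_DEPTH
                      and info.file_size <= MAX_NESTED):
                    rest = head + fh.read()
                    findings += find_shortcuts(rest, path + "!", depth + 1)
    return sorted(findings)

def build_sample():
    """Constructed sample: a harmless attachment built in memory."""
    fake_lnk = LNK_MAGIC + b"\x00" * 60  # header bytes only, no target or arguments
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("plan.mp4.lnk", fake_lnk)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("notice.pdf.lnk", fake_lnk)
        zf.writestr("readme.txt", b"constructed sample text")
        zf.writestr("renamed.dat", fake_lnk)
        zf.writestr("nested.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for path, reason in find_shortcuts(build_sample()):
        print(f"{reason:20} {path}")
```

A shortcut inside an e-mailed archive is rarely legitimate, so any finding is a reasonable trigger for quarantine or manual review.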

What distinguishes this attack is that the KakaoTalk PC version installed on the infected machine was used as a channel for spreading it further.

The attacker was found to have remained hidden on the victim's PC for a long time, stealing account information and then using it to gain unauthorized access to the victim's KakaoTalk PC version session.

The attacker then selected some contacts from the victim's friend list and sent them malicious files disguised as “North Korea-related video plans.” Because this abuses the existing trust relationship with the victim, the recipient is very likely to open the file without suspicion.


An official from the security industry said, “The ‘Overseas Access’ mark will not appear because it is remote access to the first victim’s computer and exploits KakaoTalk that has already been logged in. We need to strengthen basic security rules such as authentication in the second stage of login, blocking automatic storage of browser passwords, and shutting off power when not using a PC.”
