North Korean APT group Konni targets the cryptocurrency industry using WinRAR vulnerability

TL;DR Breakdown

  • North Korean APT group Konni exploited a newly disclosed WinRAR vulnerability (CVE-2023-38831) to launch its first-ever attack on the cryptocurrency industry, marking a significant shift in its target sectors.
  • The sophisticated malware used by Konni could adapt its tactics based on the system’s architecture, employing different User Account Control (UAC) bypass techniques to execute its payload.
  • Konni’s entry into targeting the cryptocurrency sector indicates a broader strategy by North Korean hackers, raising concerns about the industry’s preparedness against advanced and evolving cybersecurity threats.

North Korean APT (Advanced Persistent Threat) group Konni exploits a recently disclosed WinRAR vulnerability to launch its first attack on the cryptocurrency sector.

A new vector of attack

North Korean APT group Konni has made headlines by exploiting a recently disclosed WinRAR vulnerability (CVE-2023-38831) to target the cryptocurrency industry, according to Chinese security firm Chuangyu 404 Lab. This move represents a deviation from the group's usual targets, which are primarily in South Korea, and is the first instance of an APT group leveraging this particular vulnerability for an attack.

According to a statement on Seeburg, the group used a malicious payload disguised as a wallet screenshot, specifically targeting the cryptocurrency sector. The payload was named “wallet_Screenshot_2023_09_06_Qbao_Network.zip,” hinting at Qbao Network, a smart cryptocurrency wallet service. This deviation from their usual targets suggests that Konni may be diversifying its attack vectors.

Technical insights and tactics

The vulnerability in question, CVE-2023-38831, allows for the execution of a malicious payload when the victim clicks a specially crafted HTML file within a compressed archive. The payload then runs a series of commands to determine the system architecture and downloads additional payloads from a remote server.

The malware employed by Konni was sophisticated enough to detect the system’s architecture and adapt its tactics accordingly. It used different User Account Control (UAC) bypass techniques based on the system’s specifications, making it a highly adaptable threat.
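For triage of inbound archives, the check below is an added example, not code from the article or from Chuangyu 404 Lab. It relies on the publicly documented archive layout for CVE-2023-38831, which the article does not detail: a file entry and a folder entry that share one name, usually ending in a space. The entry names and the extension list are constructed for illustration.

```python
import zipfile
from collections import defaultdict

# Extensions Windows will execute or interpret when opened (illustrative list).
RUNNABLE = {"cmd", "bat", "exe", "com", "scr", "vbs", "js", "ps1", "lnk"}

def find_name_collisions(entry_names):
    """Flag names that exist both as a file entry and as a folder."""
    files = set()
    children = defaultdict(set)            # folder path -> entries beneath it
    for raw in entry_names:
        name = raw.replace("\\", "/")
        if name.endswith("/"):
            children[name.rstrip("/")]     # register an explicit folder entry
        else:
            files.add(name)
        parts = name.rstrip("/").split("/")
        for depth in range(1, len(parts)):  # implicit parent folders
            children["/".join(parts[:depth])].add(name)
    findings = []
    for path in sorted(files & set(children)):
        runnable = sorted(
            c for c in children[path]
            if c.rstrip(" /").rsplit(".", 1)[-1].lower() in RUNNABLE
        )
        findings.append({
            "name": path,
            "trailing_space": path.endswith(" "),
            "runnable_children": runnable,
        })
    return findings

def scan_zip(source):
    """source: a path or file-like object holding a ZIP archive."""
    with zipfile.ZipFile(source) as zf:
        return find_name_collisions(zf.namelist())

# Constructed entry lists for illustration (not taken from a real sample).
CONSTRUCTED_SUSPICIOUS = [
    "screenshot.html ",
    "screenshot.html /",
    "screenshot.html /screenshot.html .cmd",
]
CONSTRUCTED_BENIGN = ["docs/", "docs/readme.txt", "screenshot.html"]

if __name__ == "__main__":
    print(find_name_collisions(CONSTRUCTED_SUSPICIOUS))
    print(find_name_collisions(CONSTRUCTED_BENIGN))
```

A normal filesystem cannot hold a file and a folder with the same name, so any hit from `scan_zip` on a mail or download gateway is worth quarantining for review.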

Until now, North Korean attacks on the cryptocurrency industry were primarily attributed to the Lazarus Group. The entry of Konni into this space indicates a broader strategy by North Korean hackers to target cryptocurrency exchanges and financial platforms. 

This development is particularly concerning given recent incidents involving other cryptocurrency platforms like Stake and CoinEx. The attack also raises questions about the preparedness of the cryptocurrency industry to fend off sophisticated threats, especially those that exploit newly disclosed vulnerabilities.

The attack by Konni serves as a wake-up call for both the cybersecurity and cryptocurrency communities. With the exploitation of a new vulnerability and a shift in target industries, Konni has demonstrated the evolving nature of APT threats. Organizations, especially those in the cryptocurrency sector, need to be vigilant and proactive in updating their security measures to defend against these advanced and ever-changing threats.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
