North Korean APT group Konni targets the cryptocurrency industry using WinRAR vulnerability

TL;DR Breakdown

  • North Korean APT group Konni exploited a newly disclosed WinRAR vulnerability (CVE-2023-38831) to launch its first-ever attack on the cryptocurrency industry, marking a significant shift in its target sectors.
  • The sophisticated malware used by Konni could adapt its tactics based on the system’s architecture, employing different User Account Control (UAC) bypass techniques to execute its payload.
  • Konni’s entry into targeting the cryptocurrency sector indicates a broader strategy by North Korean hackers, raising concerns about the industry’s preparedness against advanced and evolving cybersecurity threats.

North Korean APT (Advanced Persistent Threat) group Konni exploits a recently disclosed WinRAR vulnerability to launch its first attack on the cryptocurrency sector.

A new vector of attack

North Korean APT group Konni has made headlines by exploiting a recently disclosed WinRAR vulnerability (CVE-2023-38831) to target the cryptocurrency industry, according to the Chinese security firm Chuangyu 404 Lab. This move represents a deviation from the group's usual targets, which were primarily in South Korea, and the first instance of an APT group leveraging this particular vulnerability in an attack.

According to the statement published on Seebug, the group used a malicious payload disguised as a wallet screenshot, specifically targeting the cryptocurrency sector. The payload was named “wallet_Screenshot_2023_09_06_Qbao_Network.zip,” a name hinting at Qbao Network, a smart cryptocurrency wallet service. This deviation from their usual targets suggests that Konni may be diversifying its attack vectors.

Technical insights and tactics

The vulnerability in question, CVE-2023-38831, allows a malicious payload to execute when the victim clicks a specially crafted HTML file within a compressed archive. The payload then runs a series of commands to determine the system architecture and downloads additional payloads from a remote server.
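As an added example (not from the article or from Chuangyu 404 Lab's analysis), a small Python check for the archive layout that CVE-2023-38831 relies on: a decoy file sitting next to a directory of exactly the same name, which holds a script named after the decoy plus a trailing space. This is the publicly documented trigger structure, which the article only summarises; the archive contents built here are constructed samples, not the real Konni files.

```python
import io
import zipfile

# Extensions the decoy's companion script may carry; list chosen for this
# example (public write-ups mostly show .cmd), extend to taste.
SCRIPT_EXTENSIONS = (".cmd", ".bat", ".exe", ".vbs", ".js", ".ps1", ".scr")


def find_cve_2023_38831_pattern(archive_bytes: bytes) -> list[tuple[str, str]]:
    """Return (decoy, script) pairs matching the layout CVE-2023-38831 abuses:
    a top-level decoy file plus a directory of exactly the same name that
    holds a script named '<decoy> <anything>.<script extension>'."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        names = zf.namelist()
    top_level_files = {n for n in names if "/" not in n}
    findings = []
    for name in names:
        folder, slash, inner = name.partition("/")
        if not slash or not inner or "/" in inner:
            continue  # not a file sitting directly inside a top-level directory
        if folder not in top_level_files:
            continue  # no same-named decoy next to this directory
        if not inner.lower().startswith(folder.lower() + " "):
            continue  # the trigger needs the decoy name followed by a space
        if inner.lower().endswith(SCRIPT_EXTENSIONS):
            findings.append((folder, name))
    return findings


def build_sample_archive(decoy: str = "wallet_screenshot.png") -> bytes:
    """Constructed sample mimicking the trigger layout; the inner names are
    invented for this example and are not the names from the real archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(decoy, b"\x89PNG...")  # harmless placeholder decoy bytes
        zf.writestr(f"{decoy}/{decoy} .cmd", "REM constructed placeholder\r\n")
    return buf.getvalue()


def build_benign_archive() -> bytes:
    """A normal archive: a file and an unrelated folder, no trigger layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("wallet_screenshot.png", b"\x89PNG...")
        zf.writestr("notes/readme.txt", "nothing to see here")
    return buf.getvalue()


if __name__ == "__main__":
    for decoy, script in find_cve_2023_38831_pattern(build_sample_archive()):
        print(f"CVE-2023-38831 layout: decoy {decoy!r} shadows script {script!r}")
```

The check runs on the central directory only, so it is safe to apply to mail attachments or download quarantines before anything is extracted.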

The malware employed by Konni was sophisticated enough to detect the system’s architecture and adapt its tactics accordingly. It used different User Account Control (UAC) bypass techniques based on the system’s specifications, making it a highly adaptable threat.

Until now, North Korean attacks on the cryptocurrency industry were primarily attributed to the Lazarus Group. The entry of Konni into this space indicates a broader strategy by North Korean hackers to target cryptocurrency exchanges and financial platforms.

This development is particularly concerning given recent incidents involving other cryptocurrency platforms like Stake and CoinEx. The attack also raises questions about the preparedness of the cryptocurrency industry to fend off sophisticated threats, especially those that exploit newly disclosed vulnerabilities.

The attack by Konni serves as a wake-up call for both the cybersecurity and cryptocurrency communities. With the exploitation of a new vulnerability and a shift in target industries, Konni has demonstrated the evolving nature of APT threats. Organizations, especially those in the cryptocurrency sector, need to be vigilant and proactive in updating their security measures to defend against these advanced and ever-changing threats.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
