North Korean APT group Konni targets the cryptocurrency industry using WinRAR vulnerability

TL;DR Breakdown

  • North Korean APT group Konni exploited a newly disclosed WinRAR vulnerability (CVE-2023-38831) to launch its first-ever attack on the cryptocurrency industry, marking a significant shift in its target sectors.
  • The sophisticated malware used by Konni could adapt its tactics based on the system’s architecture, employing different User Account Control (UAC) bypass techniques to execute its payload.
  • Konni’s entry into targeting the cryptocurrency sector indicates a broader strategy by North Korean hackers, raising concerns about the industry’s preparedness against advanced and evolving cybersecurity threats.

North Korean APT (Advanced Persistent Threat) group Konni exploits a recently disclosed WinRAR vulnerability to launch its first attack on the cryptocurrency sector.

A new vector of attack

North Korean APT group Konni has made headlines by exploiting a recently disclosed WinRAR vulnerability (CVE-2023-38831) to target the cryptocurrency industry, according to the Chinese security firm Chuangyu 404 Lab. This move marks a departure from the group's usual targets, which have primarily been in South Korea, and is the first reported instance of an APT group leveraging this particular vulnerability in an attack.

According to the lab's write-up on Seebug, the group used a malicious payload disguised as a wallet screenshot, specifically targeting the cryptocurrency sector. The archive was named “wallet_Screenshot_2023_09_06_Qbao_Network.zip,” alluding to Qbao Network, a smart cryptocurrency wallet service. This departure from their usual targets suggests that Konni may be diversifying its attack vectors.

Technical insights and tactics

The vulnerability in question, CVE-2023-38831, allows a malicious payload to execute when the victim clicks a specially crafted HTML file inside a compressed archive. Once running, the payload issues a series of commands to determine the system architecture and then downloads additional payloads from a remote server.
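As an added defensive illustration (this is not code from the article or from Chuangyu 404 Lab), the script below triages a ZIP archive for the layout that public write-ups of CVE-2023-38831 describe: a benign-looking decoy file sitting next to a folder whose name matches the decoy's (typically differing only by a trailing space), with a script inside the folder whose name begins with the decoy's name. That layout goes beyond the article's own one-line description and is an assumption taken from those public write-ups; the archive contents and file names below are constructed samples, not the Konni archive, and the script body is a placeholder.

```python
from __future__ import annotations

import io
import posixpath
import zipfile

# File types Windows would execute if WinRAR handed the look-alike member
# to the shell instead of the decoy the user clicked.
SCRIPT_EXTS = {".cmd", ".bat", ".exe", ".vbs", ".js", ".wsf", ".ps1", ".scr", ".com"}


def find_decoy_pairs(zip_bytes: bytes) -> list[dict[str, str]]:
    """Flag the CVE-2023-38831 archive layout inside a ZIP held in memory.

    Heuristic (assumption taken from public vulnerability write-ups):
    a top-level decoy file, a directory whose name equals the decoy's once
    trailing spaces are stripped, and inside it a script whose name begins
    with the decoy's name. Returns one finding per matching script.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()

    # Top-level files that could serve as the decoy the victim double-clicks.
    decoys = [n for n in names if "/" not in n and not n.endswith("/")]

    # Members grouped by their top-level directory, key normalised by rstrip().
    members_by_dir: dict[str, list[str]] = {}
    for n in names:
        head, _, tail = n.partition("/")
        if tail and not tail.endswith("/"):
            members_by_dir.setdefault(head.rstrip(), []).append(n)

    findings: list[dict[str, str]] = []
    for decoy in decoys:
        key = decoy.rstrip()
        for member in members_by_dir.get(key, []):
            leaf = posixpath.basename(member)
            ext = posixpath.splitext(leaf.rstrip())[1].lower()
            if leaf.startswith(key) and ext in SCRIPT_EXTS:
                findings.append({"decoy": decoy, "folder": key + "/", "script": member})
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample mimicking the layout; all contents are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("wallet_Screenshot.png ", b"\x89PNG placeholder image bytes")
        zf.writestr("wallet_Screenshot.png /wallet_Screenshot.png .cmd",
                    b"@echo off\r\nrem placeholder script body\r\n")
        zf.writestr("readme.txt", b"unrelated benign member")
    return buf.getvalue()


def build_benign_archive() -> bytes:
    """Constructed control archive: a screenshot plus a folder of other images."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("wallet_Screenshot.png", b"\x89PNG placeholder image bytes")
        zf.writestr("images/other.png", b"\x89PNG placeholder image bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in find_decoy_pairs(build_sample_archive()):
        print(f"suspicious: decoy {hit['decoy']!r} -> script {hit['script']!r}")
    print("benign archive findings:", find_decoy_pairs(build_benign_archive()))
```

The check operates on the ZIP central directory only, so it can run at a mail gateway or on an upload path without extracting anything. It is a heuristic: renaming the script or moving it deeper in the tree would evade it, and the durable fix remains patching WinRAR to a version that closes CVE-2023-38831.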

The malware employed by Konni was sophisticated enough to detect the system's architecture and adapt accordingly, selecting different User Account Control (UAC) bypass techniques depending on the system's specifications. This makes it a highly adaptable threat.

Until now, North Korean attacks on the cryptocurrency industry have primarily been attributed to the Lazarus Group. Konni's entry into this space indicates a broader strategy by North Korean hackers to target cryptocurrency exchanges and financial platforms.

This development is particularly concerning given recent incidents involving other cryptocurrency platforms like Stake and CoinEx. The attack also raises questions about the preparedness of the cryptocurrency industry to fend off sophisticated threats, especially those that exploit newly disclosed vulnerabilities.

The attack by Konni serves as a wake-up call for both the cybersecurity and cryptocurrency communities. With the exploitation of a new vulnerability and a shift in target industries, Konni has demonstrated the evolving nature of APT threats. Organizations, especially those in the cryptocurrency sector, need to be vigilant and proactive in updating their security measures to defend against these advanced and ever-changing threats.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Article source (from the Internet): North Korean APT group Konni targets the cryptocurrency industry using WinRAR vulnerability
