North Korean APT group Konni targets the cryptocurrency industry using WinRAR vulnerability

TL;DR Breakdown

  • North Korean APT group Konni exploited a newly disclosed WinRAR vulnerability (CVE-2023-38831) to launch its first-ever attack on the cryptocurrency industry, marking a significant shift in its target sectors.
  • The sophisticated malware used by Konni could adapt its tactics based on the system’s architecture, employing different User Account Control (UAC) bypass techniques to execute its payload.
  • Konni’s entry into targeting the cryptocurrency sector indicates a broader strategy by North Korean hackers, raising concerns about the industry’s preparedness against advanced and evolving cybersecurity threats.

North Korean APT (Advanced Persistent Threat) group Konni exploits a recently disclosed WinRAR vulnerability to launch its first attack on the cryptocurrency sector.

A new vector of attack

North Korean APT group Konni has made headlines by exploiting a recently disclosed WinRAR vulnerability (CVE-2023-38831) to target the cryptocurrency industry, according to Chinese security firm Knownsec's Chuangyu 404 Lab. The campaign is a departure from the group's usual targets, which are primarily in South Korea, and is the first publicly reported instance of an APT group leveraging this particular vulnerability.

According to the write-up published on Seebug, the group used a malicious archive disguised as a wallet screenshot, specifically targeting the cryptocurrency sector. The archive was named "wallet_Screenshot_2023_09_06_Qbao_Network.zip", a reference to Qbao Network, a smart cryptocurrency wallet service. The choice of lure suggests that Konni is broadening the set of victims it goes after.

Technical insights and tactics

The vulnerability in question, CVE-2023-38831, is a logic flaw in how WinRAR (versions before 6.23) handles a ZIP archive that contains a harmless-looking file, such as an image or document, alongside a folder with the same name. When the victim double-clicks the decoy file from inside the archive, WinRAR extracts the matching entries and ends up launching a script hidden in the same-named folder instead of opening the decoy. No exploit of a memory-corruption bug is involved; the user only has to open what looks like a screenshot. In this campaign the launched script then ran a series of commands to determine the system architecture and downloaded additional payloads from a remote server.
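The trick relies entirely on the archive's layout, so it can be spotted before WinRAR is ever involved. The following script is an added example written for this page, not code from the Knownsec report or from the Konni campaign: it opens a ZIP archive with Python's standard `zipfile` module and reports the CVE-2023-38831 pattern, that is, a file entry that shares its name with a directory entry, a script-type file inside that directory whose name starts with the decoy's name, and entry names carrying trailing spaces. The sample archives it builds are constructed in memory for the demonstration; the decoy name `wallet_screenshot.jpg` and the placeholder `.cmd` content are assumptions, not the real lure's contents.

```python
"""Heuristic scanner for the CVE-2023-38831 archive layout (added example, not the page's code)."""
import io
import zipfile
from typing import List

# File types that Windows will execute when handed to ShellExecute.
SCRIPT_EXTS = (".cmd", ".bat", ".exe", ".com", ".scr", ".pif",
               ".vbs", ".js", ".jse", ".wsf", ".hta", ".ps1", ".lnk")


def _norm(path: str) -> str:
    """Strip trailing spaces from every path component, as Windows does when resolving names."""
    return "/".join(part.rstrip(" ") for part in path.split("/"))


def scan_archive(data: bytes) -> List[str]:
    """Return human-readable findings; an empty list means no CVE-2023-38831 pattern was seen."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()

    files = [n for n in names if not n.endswith("/")]

    # Collect directories: explicit entries plus every parent path of a file entry,
    # because a crafted archive need not contain an explicit directory record.
    dirs = set()
    for n in names:
        parts = n.rstrip("/").split("/") if n.endswith("/") else n.split("/")[:-1]
        for i in range(1, len(parts) + 1):
            dirs.add("/".join(parts[:i]))

    findings: List[str] = []

    # Indicator 1: trailing spaces in names, which the exploit uses to confuse name resolution.
    for n in names:
        if any(p != p.rstrip(" ") for p in n.rstrip("/").split("/")):
            findings.append(f"entry name has trailing space: {n!r}")

    # Indicator 2 and 3: a decoy file shadowed by a same-named directory holding a script.
    dirs_by_norm = {}
    for d in dirs:
        dirs_by_norm.setdefault(_norm(d), []).append(d)

    for decoy in files:
        for d in dirs_by_norm.get(_norm(decoy), []):
            findings.append(f"file {decoy!r} shadows directory {d!r}")
            prefix = d + "/"
            decoy_base = _norm(decoy.split("/")[-1])
            for inner in files:
                if not inner.startswith(prefix):
                    continue
                base = inner[len(prefix):]
                if "/" in base:
                    continue  # only direct children matter
                if (base.lower().rstrip(" ").endswith(SCRIPT_EXTS)
                        and _norm(base).startswith(decoy_base)):
                    findings.append(
                        f"script {inner!r} would be launched when {decoy!r} is opened")
    return findings


def is_suspicious(data: bytes) -> bool:
    """True when the archive should be quarantined rather than handed to the user."""
    return any("shadows" in f or "would be launched" in f for f in scan_archive(data))


def build_sample(malicious: bool) -> bytes:
    """Construct an in-memory ZIP for the demo (sample data, not the real Konni archive)."""
    decoy = "wallet_screenshot.jpg"  # hypothetical decoy name
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if malicious:
            zf.writestr(decoy + " ", b"\xff\xd8\xff")  # JPEG magic bytes, trailing-space name
            zf.writestr(decoy + " /", b"")            # directory with the same name
            zf.writestr(decoy + " /" + decoy + " .cmd",
                        "rem harmless placeholder standing in for the dropper\r\n")
        else:
            zf.writestr(decoy, b"\xff\xd8\xff")
            zf.writestr("notes.txt", "plain text, nothing to see\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("crafted", build_sample(True)), ("clean", build_sample(False))):
        print(f"{label}: suspicious={is_suspicious(blob)}")
        for line in scan_archive(blob):
            print("  -", line)
```

The check keys on structure rather than on the specific lure name, so it generalises beyond this campaign; any mail gateway or upload handler that already unpacks ZIP metadata can run it. It does not parse RAR containers, and a vendor that patched to WinRAR 6.23 or later removes the underlying flaw regardless of what the archive looks like.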

The malware employed by Konni detected the system's architecture and adapted its behaviour accordingly, selecting a different User Account Control (UAC) bypass technique depending on the system's specifications in order to run its payload with elevated privileges. That branching makes the threat harder to characterise from a single sample.

Until now, North Korean attacks on the cryptocurrency industry were primarily attributed to the Lazarus Group. The entry of Konni into this space indicates a broader strategy by North Korean hackers to target cryptocurrency exchanges and financial platforms. 

This development is particularly concerning given recent incidents involving other cryptocurrency platforms like Stake and CoinEx. The attack also raises questions about the preparedness of the cryptocurrency industry to fend off sophisticated threats, especially those that exploit newly disclosed vulnerabilities.

The attack by Konni serves as a wake-up call for both the cybersecurity and cryptocurrency communities. With the exploitation of a new vulnerability and a shift in target industries, Konni has demonstrated the evolving nature of APT threats. Organizations, especially those in the cryptocurrency sector, need to be vigilant and proactive in updating their security measures to defend against these advanced and ever-changing threats.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Source (republished from the internet): North Korean APT group Konni targets the cryptocurrency industry using WinRAR vulnerability
