North Korean APT group Konni targets the cryptocurrency industry using WinRAR vulnerability

TL;DR Breakdown

  • North Korean APT group Konni exploited a newly disclosed WinRAR vulnerability (CVE-2023-38831) to launch its first-ever attack on the cryptocurrency industry, marking a significant shift in its target sectors.
  • The sophisticated malware used by Konni could adapt its tactics based on the system’s architecture, employing different User Account Control (UAC) bypass techniques to execute its payload.
  • Konni’s entry into targeting the cryptocurrency sector indicates a broader strategy by North Korean hackers, raising concerns about the industry’s preparedness against advanced and evolving cybersecurity threats.


North Korean APT (Advanced Persistent Threat) group Konni exploits a recently disclosed WinRAR vulnerability to launch its first attack on the cryptocurrency sector.

A new vector of attack

North Korean APT group Konni has made headlines by exploiting a recently disclosed WinRAR vulnerability (CVE-2023-38831) to target the cryptocurrency industry, according to the Chinese security firm Chuangyu 404 Lab. This move represents a deviation from their usual targets, which have primarily been in South Korea, and is the first reported instance of an APT group leveraging this particular vulnerability in an attack.

According to the write-up published on Seebug, the group used a malicious archive disguised as a wallet screenshot, specifically targeting the cryptocurrency sector. The archive was named “wallet_Screenshot_2023_09_06_Qbao_Network.zip,” hinting at Qbao Network, a smart cryptocurrency wallet service. This deviation from their usual targets suggests that Konni may be diversifying its attack vectors.

Technical insights and tactics

The vulnerability in question, CVE-2023-38831, allows a malicious payload to execute when the victim opens a specially crafted HTML file inside a compressed archive. Once running, the payload issues a series of commands to determine the system architecture and downloads additional payloads from a remote server.
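A defender can screen inbound archives for the layout the public CVE-2023-38831 advisories describe: a decoy document sitting next to a same-named directory (often differing only by a trailing space) that holds a script. The following Python is an added example, not code from the article or from Chuangyu 404 Lab; the archive it inspects is constructed in-memory with placeholder contents and is not a real payload.

```python
import io
import zipfile

# Extensions that the shell would execute once WinRAR extracts them next to the decoy.
EXECUTABLE_EXTS = {".cmd", ".bat", ".exe", ".scr", ".vbs", ".js", ".ps1", ".lnk"}


def find_cve_2023_38831_pattern(zip_bytes: bytes) -> list:
    """Return (decoy, script) pairs matching the CVE-2023-38831 archive layout.

    Heuristic from the public advisories: a top-level file entry whose name (trailing
    spaces stripped) equals the name of a directory entry, and that directory contains
    an executable/script member. Such archives deserve quarantine and analyst review.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        # Map top-level directory name (trailing spaces stripped) -> members inside it.
        dirs = {}
        for n in names:
            if "/" in n.strip("/"):
                top = n.split("/", 1)[0]
                dirs.setdefault(top.rstrip(), []).append(n)
        for decoy in names:
            if "/" in decoy:
                continue  # only top-level entries are double-clicked in the archive view
            key = decoy.rstrip()
            for member in dirs.get(key, []):
                base = member.rsplit("/", 1)[-1]
                ext = "." + base.rsplit(".", 1)[-1].lower() if "." in base else ""
                if ext in EXECUTABLE_EXTS:
                    findings.append((decoy, member))
    return findings


def build_constructed_sample() -> bytes:
    """Constructed archive with the suspicious layout; bodies are placeholders, not a payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("wallet_screenshot.jpg ", b"placeholder bytes, not an image")
        zf.writestr("wallet_screenshot.jpg /wallet_screenshot.jpg .cmd", b"REM placeholder\r\n")
    return buf.getvalue()


def build_benign_sample() -> bytes:
    """Constructed archive with an ordinary layout for comparison."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("wallet_screenshot.jpg", b"placeholder bytes, not an image")
        zf.writestr("notes/readme.txt", b"hello")
    return buf.getvalue()
```

The same check can be run over every archive in a mail-gateway or download quarantine; a non-empty result is a strong signal even before the scripts themselves are analysed.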

The malware employed by Konni was sophisticated enough to detect the system’s architecture and adapt its tactics accordingly. It used different User Account Control (UAC) bypass techniques based on the system’s specifications, making it a highly adaptable threat.

Until now, North Korean attacks on the cryptocurrency industry were primarily attributed to the Lazarus Group. The entry of Konni into this space indicates a broader strategy by North Korean hackers to target cryptocurrency exchanges and financial platforms. 

This development is particularly concerning given recent incidents involving other cryptocurrency platforms like Stake and CoinEx. The attack also raises questions about the preparedness of the cryptocurrency industry to fend off sophisticated threats, especially those that exploit newly disclosed vulnerabilities.

The attack by Konni serves as a wake-up call for both the cybersecurity and cryptocurrency communities. With the exploitation of a new vulnerability and a shift in target industries, Konni has demonstrated the evolving nature of APT threats. Organizations, especially those in the cryptocurrency sector, need to be vigilant and proactive in updating their security measures to defend against these advanced and ever-changing threats.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Article source (Internet): North Korean APT group Konni targets the cryptocurrency industry using WinRAR vulnerability

