Russian Government Software Backdoored to Deploy Konni RAT Malware

February 22, 2024 at 05:51AM

An installer for a tool used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been found to deliver a remote access trojan called Konni RAT, likely originating from North Korean actors targeting Russia. The trojanized installer is intended for internal use within the MID and has been linked to other espionage operations targeting Russia.

The key takeaways are as follows:

1. A backdoored installer for a tool used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been discovered to deliver a remote access trojan called Konni RAT.

2. The activity is linked to Democratic People’s Republic of Korea (DPRK)-nexus actors targeting Russia, with established patterns of deploying Konni RAT against Russian entities.

3. The installer, named ‘Statistika KZU’, is intended for internal use within MID for relaying annual report files from overseas consular posts to the Consular Department of the MID via a secure channel.

4. The trojanized installer initiates contact with a command-and-control server to await further instructions and comes with capabilities for file transfers and command execution.

5. While North Korea’s targeting of Russia is not new, the development comes amid growing geopolitical proximity between Russia and North Korea.

It’s important to stay vigilant and consider potential implications of such cybersecurity threats for our organization.
