X-Industry

konni (2)

Weekly Cyber Intel Report - All Sector 01 21 2022

Activity Summary - Week Ending on 21 January 2022:

Red Sky Alliance identified 34,423 connections from new IP’s checking in with our Sinkholes
Microsoft IP hit again
Analysts identified 4,093 new IP addresses participating in various Botnets
SysJoker Backdoor
Konni Campaign
Take Down of VPNLab.net
Russia shuts down REvil, huh?
Brookings Blog on Russia
SilverTerrier sent to the Kennel
China and the Olympics
Up-Date on Ukraine Hit

Link to full report: IR-22-021-001_weekly021.pdf

KONNI Malware

Hackers are using a phishing campaign to deploy KONNI malware, a remote access trojan (RAT), via Microsoft Word documents containing malicious Visual Basic Application (VBA) macro code, according to a recent Department of Homeland Security (DHS) Cybersecurity and Infrastructure alert (CISA).

First observed in 2014, the malware was linked to several campaigns tied to North Korea. There are also significant links in code with the NOKKI malware family and researchers possess some evidence that link

#xg { position:relative;top:120px; } #xn_bar { top:120px; }

Hello, you need to enable JavaScript to use Red Sky Alliance.

Please check your browser settings or contact your system administrator.

Activity Summary - Week Ending on 21 January 2022:

Note: this page contains paid content.