konni (2)

10031404495?profile=RESIZE_400xActivity Summary - Week Ending on 21 January 2022:

  • Red Sky Alliance identified 34,423 connections from new IP’s checking in with our Sinkholes
  • Microsoft IP hit again
  • Analysts identified 4,093 new IP addresses participating in various Botnets
  • SysJoker Backdoor
  • Konni Campaign
  • Take Down of VPNLab.net
  • Russia shuts down REvil, huh?
  • Brookings Blog on Russia
  • SilverTerrier sent to the Kennel
  • China and the Olympics
  • Up-Date on Ukraine Hit

Link to full report: IR-22-021-001_weekly021.pdf

7622802499?profile=RESIZE_400x

Hackers are using a phishing campaign to deploy KONNI malware, a remote access trojan (RAT), via Microsoft Word documents containing malicious Visual Basic Application (VBA) macro code, according to a recent Department of Homeland Security (DHS) Cybersecurity and Infrastructure alert (CISA). 

First observed in 2014, the malware was linked to several campaigns tied to North Korea. There are also significant links in code with the NOKKI malware family and researchers possess some evidence that link