North Korean organisations are being increasingly targeted by an unknown hacker group using the Konni malware, a remote access trojan (RAT). Security experts say that in 2017 alone, three separate campaigns targeting North Korean organisations have been spotted.
Security experts at Cylance say that the most recent campaign using the Konni malware was detected in July, on the heels of Pyongyang's most recent successful ICBM test. Researchers say that although the hacker group's motivation is uncertain, "it does appear to be geared towards espionage against targets who would be interested in North Korean affairs."
Cylance researchers said that Konni comes with capabilities that allow it to "hide in the background" while victims are tricked into executing its payload. The malware also has keylogger and screen-grabbing features, allowing hackers to steal data from targets.
"The KONNI malware is a relatively new RAT. The implemented features are straightforward to analyze and there has been little attempt to mask the malware's true purpose. The basic features for a backdoor are all present, including host profiling and remote access and control," Cylance researchers said.
"Attacks leveraging social engineering techniques and intelligence gathering can be devastating for the companies involved, as these attacks target user's (very human) emotions of trust, and can lead to a total take over," Cylance researchers added.
DarkReading reported that Kaspersky Lab researchers have previously suggested that the authors of the Konni malware may be of Korean origin. Some researchers also reportedly suggested that the campaigns could have originated from South Korea.
Hacking attacks between the South and North are not uncommon. In the past, North Korea has been accused of orchestrating cyberattacks against the South Korean military, as well as businesses. As tensions escalate between Pyongyang's dictatorial regime and international governments, further such cyberespionage campaigns may also rise.