Threats Tagged 'rftrat'

The Konni Group conducted a sophisticated multi-stage attack campaign, initiating with a spear-phishing email disguised as a North Korean human rights lecturer appointment. The attack progressed through execution of a malicious LNK file, installation of remote access malware, and long-term persistence for data theft. A key feature was the unauthorized access to victims' KakaoTalk PC applications, used to distribute additional malicious files to selected contacts. The campaign employed multiple RAT families, including EndRAT, RftRAT, and RemcosRAT, with a distributed C2 infrastructure across Finland, Japan, and the Netherlands. The threat actor's tactics included trust-based propagation, account session abuse, and modular payload deployment, highlighting the need for advanced behavior-based detection and multi-layered defense strategies.

MediumMalwareSouth KoreaUnited StatesJapan+6#spear-phishing#autoit#rat

A new Android remote data-wipe attack exploiting Google's Find Hub feature has been identified as part of the KONNI APT campaign. The attackers impersonated psychological counselors and human rights activists, distributing malware disguised as stress-relief programs via KakaoTalk messenger. They compromised Google accounts to track victims' locations and remotely wipe Android devices. The attack involved spear-phishing, prolonged reconnaissance, and abuse of legitimate management functions. Multiple RAT variants were deployed, including RemcosRAT, QuasarRAT, and RftRAT. The campaign utilized WordPress-based hosting and geographically distributed C2 servers to evade detection. This sophisticated attack demonstrates the evolving tactics of state-sponsored threat actors.

MediumMalwareGermanyFranceUnited Kingdom+3#rat#find hub#remote wipe