Konni APT Exploits WinRAR Vulnerability To Attack Financial & Crypto Industries
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Konni, a North Korean APT group, launched the first attack against the cryptocurrency industry, exploiting a recently found WinRAR vulnerability tagged as CVE-2023-38831.
According to the study, Konni’s decision to focus on the cryptocurrency market was unusual; typically, North Korea’s notorious Lazarus Group targets the financial and crypto industries.
“The attack target of the Konni organization captured this time is very different from the past. It is speculated that the Konni organization may be opening up a new attack direction”, Chuangyu 404 Advanced Threat Intelligence Team.
📁🄳🄾🄲🅄🄼🄴🄽🅃
Attack Execution
This time, the sample is called “wallet_Screenshot_2023_09_06_Qbao_Network.zip.” The Qbao Network is a smart cryptocurrency wallet service.
QbaoNetwork is a smart encryption wallet. It seeks to provide a gateway into the blockchain community and a blockchain ecological platform.
It incorporates cross-chain digital currency wallets, payment settlements, token exchanges, social networks, news quotations, the DAPP Store, and other features.
The sample analyzedexecutes malicious payloads using the recently discovered Winrar vulnerability (CVE-2023-38831).
The victim clicks the html file in the compressed file, and the carefully made directory with the identical name is opened. Execution of the malicious payload bearing the same name will occur.
Malicious payload with the same name will be executed
The cybersecurity company Group-IBdiscovered this vulnerability, tracked as CVE-2023-38831. Following that, WinRAR issued a patch to address this issue, but customers were still in danger since they had not updated their fixed version.
Hence, Konni’s introduction into this industry suggests that North Korean hackers have a larger plan to attack financial institution’s networks and cryptocurrency exchanges.
Konni has shown the evolvability of APT attacks by taking advantage of a novel vulnerability and a change in the sectors it targets. The Konni hack acts as an awakening for the cryptocurrency and cybersecurity community.
To protect against these sophisticated and constantly evolving attacks, the cryptocurrency industry must be alert and proactive in upgrading its security procedures. Particularly, customers are advised to update their application version.
#cryptocurrency #Cyber_Security_News #Vulnerability #Konni #vulnerability
Оригинальная версия на сайте:
Konni APT Exploits WinRAR Vulnerability To Attack Financial & Crypto Industries
Author: GuruKonni, a North Korean APT group, launched the first attack against the cryptocurrency industry, exploiting a recently found WinRAR vulnerability tagged as CVE-2023-38831.
According to the study, Konni’s decision to focus on the cryptocurrency market was unusual; typically, North Korea’s notorious Lazarus Group targets the financial and crypto industries.
“The attack target of the Konni organization captured this time is very different from the past. It is speculated that the Konni organization may be opening up a new attack direction”, Chuangyu 404 Advanced Threat Intelligence Team.
📁🄳🄾🄲🅄🄼🄴🄽🅃
Attack Execution
This time, the sample is called “wallet_Screenshot_2023_09_06_Qbao_Network.zip.” The Qbao Network is a smart cryptocurrency wallet service.
QbaoNetwork is a smart encryption wallet. It seeks to provide a gateway into the blockchain community and a blockchain ecological platform.
It incorporates cross-chain digital currency wallets, payment settlements, token exchanges, social networks, news quotations, the DAPP Store, and other features.
The sample analyzedexecutes malicious payloads using the recently discovered Winrar vulnerability (CVE-2023-38831).
The victim clicks the html file in the compressed file, and the carefully made directory with the identical name is opened. Execution of the malicious payload bearing the same name will occur.
Malicious payload with the same name will be executedThe cybersecurity company Group-IBdiscovered this vulnerability, tracked as CVE-2023-38831. Following that, WinRAR issued a patch to address this issue, but customers were still in danger since they had not updated their fixed version.
Hence, Konni’s introduction into this industry suggests that North Korean hackers have a larger plan to attack financial institution’s networks and cryptocurrency exchanges.
Konni has shown the evolvability of APT attacks by taking advantage of a novel vulnerability and a change in the sectors it targets. The Konni hack acts as an awakening for the cryptocurrency and cybersecurity community.
To protect against these sophisticated and constantly evolving attacks, the cryptocurrency industry must be alert and proactive in upgrading its security procedures. Particularly, customers are advised to update their application version.
#cryptocurrency #Cyber_Security_News #Vulnerability #Konni #vulnerability
Оригинальная версия на сайте:
