Hacked Microsoft Word Documents Exploited to Deceive Windows Users

The scoop is that North Korean hackers are apparently trying to snag some sensitive info from Russian targets, and they’re doing it with those tricky Microsoft Word documents. Fortinet researcher Cara Lin spilled the beans on a group called Konni (or maybe Kimsuky AKA APT43), who are using a Russian-language Microsoft doc loaded with a sneaky macro-delivered malware.

This sly script runs a three-step routine: it kicks off a Batch script to snoop around the system, then it waltzes past the User Account Control (UAC) settings, and finally drops an infostealing DLL into the mix. It's like a digital heist in action.

What makes this cyber caper even more interesting is that the hackers are relying on a remote access trojan (RAT) to grab info and pull off commands on the compromised devices. The payload has its own bag of tricks, including a UAC bypass and encrypted communication with a C2 server, giving the cyber crooks the green light for some privileged commands.
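The chain described in the two paragraphs above (Word macro, then a Batch script, then a DLL loaded onto the box) is exactly the kind of parent-child process lineage a defender can alert on. Below is an added example, not code from the article or from Fortinet, that walks a few constructed process-creation events and flags script hosts and DLL loaders descended from an Office application; the event fields, image names and sample command lines are assumptions, not a real telemetry schema.

```python
# Added example (not from the article or Fortinet's report): a toy detector that walks
# constructed process-creation events and flags the chain the article describes:
# Word macro -> batch script (cmd.exe) -> DLL loaded via a living-off-the-land host.
# Field names loosely mirror a process-creation log; they are assumptions, not a real schema.

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
DLL_LOADERS = {"rundll32.exe", "regsvr32.exe"}

# Constructed sample events: (pid, ppid, image name, command line)
SAMPLE_EVENTS = [
    (100, 1, "explorer.exe", "explorer.exe"),
    (200, 100, "winword.exe", 'winword.exe "C:\\Users\\u\\Downloads\\report.docx"'),
    (300, 200, "cmd.exe", 'cmd.exe /c "%TEMP%\\check.bat"'),
    (400, 300, "rundll32.exe", "rundll32.exe C:\\Users\\u\\AppData\\Local\\Temp\\x.dll,Run"),
    (500, 100, "cmd.exe", "cmd.exe /c dir"),   # benign: launched from Explorer, not Office
]

def ancestors(pid, by_pid):
    """Yield the image names of a process's parents, nearest parent first."""
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        pid = by_pid[pid][1]          # step to the parent pid
        if pid in by_pid:
            yield by_pid[pid][2].lower()

def detect_macro_chain(events):
    """Return alert strings for script hosts or DLL loaders descended from an Office app."""
    by_pid = {e[0]: e for e in events}
    alerts = []
    for pid, ppid, image, cmdline in events:
        name = image.lower()
        lineage = list(ancestors(pid, by_pid))
        # Direct Office -> script host spawn (the macro launching its Batch script)
        if name in SCRIPT_HOSTS and lineage and lineage[0] in OFFICE_APPS:
            alerts.append(f"office->script: {lineage[0]} spawned {name} ({cmdline})")
        # DLL loader anywhere under an Office ancestor (the dropped infostealer DLL)
        elif name in DLL_LOADERS and any(a in OFFICE_APPS for a in lineage):
            chain = " > ".join(reversed(lineage))
            alerts.append(f"office->dll-load: {chain} > {name} ({cmdline})")
    return alerts

if __name__ == "__main__":
    for alert in detect_macro_chain(SAMPLE_EVENTS):
        print(alert)
```

The benign `cmd.exe` launched from Explorer produces no alert, while the Word-spawned Batch script and the `rundll32.exe` two hops beneath it each do.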

The document being passed around isn’t innocent either—it’s apparently an article in Russian, chatting about “Western assessments of the progress of the Special Military Operation.” A clever disguise for their not-so-friendly activities.

This Konni crew is catching attention for specifically going after Russia. They’ve got a knack for sending spear-phishing emails and slipping in malicious documents to get to the juicy stuff on your computer. Past attacks even used a vulnerability in WinRAR (CVE-2023-38831), showing that Konni means business when it comes to data heists and espionage.

And this isn’t their first rodeo—North Korean hackers have a track record of going after Russian firms. Last summer, two separate gangs—ScarCruft and Lazarus Group—set their sights on NPO Mashinostroyenia, a crucial Russian missile engineering company. ScarCruft managed to infiltrate some sensitive internal IT stuff, while Lazarus went for a Windows backdoor called OpenCarrot. The digital drama continues.