 |
Photo courtesy of Yonhap News |
[Alpha Biz= Kim Minyoung] A hacking group known as Konni, believed to be linked to North Korea, has been carrying out multi-stage cyberattacks by distributing malware through spear-phishing emails and KakaoTalk Messenger, cybersecurity researchers said.
According to cybersecurity firm Genians on March 16, the Konni group continues to conduct advanced persistent threat (APT) attacks, a tactic in which attackers infiltrate targeted systems over long periods until their objectives are achieved.
A notable feature of the latest campaign is the use of the KakaoTalk PC version installed on infected computers as a channel to spread malware.
The attack begins with a spear-phishing email that appears legitimate but contains a malicious shortcut (LNK) file. When the recipient executes the file, hidden malicious scripts are activated, infecting the computer.
Once inside the system, attackers remain dormant on the compromised device for an extended period, stealing internal documents and account information. They then gain unauthorized access to the victim’s KakaoTalk PC application.
The attackers reportedly select certain contacts from the victim’s friend list and resend malicious files disguised as materials such as a “North Korea-related video project proposal,” allowing the malware to spread further.
Cybersecurity experts stressed the importance of strengthening user awareness training so that individuals remain cautious about shortcut files or attachments disguised as official documents, which are commonly used as entry points in such attacks.
알파경제 Kim Minyoung Reporter(kimmy@alphabiz.co.kr)
