Konni APT Exploits WinRAR Vulnerability To Attack Financial & Crypto Industries
Konni, a North Korean APT group, launched its first attack against the cryptocurrency industry, exploiting a recently discovered WinRAR vulnerability tracked as CVE-2023-38831.
According to the report, Konni's decision to focus on the cryptocurrency market was unusual; in general, it is North Korea's notorious Lazarus Group that targets the financial and crypto industries.
"The attack target of the Konni group captured this time is very different from the previous ones. It is speculated that the Konni group may be opening up a new attack direction," said the Chuangyu 404 Advanced Threat Intelligence Team.
Attack Execution
This time, the sample is named "wallet_Screenshot_2023_09_06_Qbao_Network.zip." Qbao Network is a smart cryptocurrency wallet provider.
QbaoNetwork is a smart encryption wallet. It aims to provide a gateway into the blockchain community and a blockchain ecosystem platform.
It includes cross-chain digital currency wallets, payment settlement, token exchange, social networking, news quotations, the DAPP Store, and other features.
The analyzed sample executes malicious payloads using the recently discovered WinRAR vulnerability (CVE-2023-38831).
The victim clicks the HTML file inside the compressed archive, and the carefully crafted directory with the same name is opened instead; the malicious payload bearing the same name is then executed.
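As an added defender's example (not code from the original article or from the cited analysis), the following Python check flags archives laid out for this trick: a decoy file plus a same-named directory holding a script named after the decoy. The entry names in the constructed fixture are hypothetical, not those of the real Konni sample.

```python
import io
import posixpath
import zipfile

# Script and executable types that WinRAR would hand to the shell on "open".
SUSPICIOUS_EXT = {".cmd", ".bat", ".exe", ".vbs", ".js", ".ps1", ".scr", ".com"}


def find_cve_2023_38831_pattern(archive_bytes: bytes) -> list:
    """Return (decoy_file, payload_entry) pairs whose layout matches the
    CVE-2023-38831 lure: a top-level decoy file plus a directory of the same
    name (often differing only by a trailing space) that holds a script
    named after the decoy."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        names = zf.namelist()
        top_level_files = [n for n in names if "/" not in n]
        for entry in names:
            # Only look at files exactly one directory deep.
            if entry.count("/") != 1 or entry.endswith("/"):
                continue
            folder, _, leaf = entry.partition("/")
            # Directory name collides with a top-level file once trailing
            # whitespace (the trick's usual padding) is ignored.
            decoys = [f for f in top_level_files if f.rstrip() == folder.rstrip()]
            ext = posixpath.splitext(leaf)[1].lower()
            if decoys and ext in SUSPICIOUS_EXT:
                hits.append((decoys[0], entry))
    return hits


def build_sample_archive(malicious: bool = True) -> bytes:
    """Constructed fixture; entry names are hypothetical, not the real
    Konni sample's. The malicious layout mirrors the trick described above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if malicious:
            zf.writestr("wallet_Screenshot.html ", "<html>decoy</html>")
            zf.writestr("wallet_Screenshot.html /wallet_Screenshot.html .cmd",
                        "echo payload")
        else:
            zf.writestr("wallet_Screenshot.html", "<html>real page</html>")
            zf.writestr("images/logo.png", b"\x89PNG")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in find_cve_2023_38831_pattern(build_sample_archive()):
        print("suspicious layout:", hit)
```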
The cybersecurity firm Group-IB discovered this vulnerability, tracked as CVE-2023-38831. WinRAR subsequently issued a patch to address the issue, but users remained at risk if they had not yet updated their installed version.
Hence, Konni's entry into this industry suggests that North Korean hackers have a growing intent to attack financial institutions' networks and cryptocurrency exchanges.
Konni has shown how APT attacks evolve by taking advantage of a new vulnerability and shifting the sectors it targets. The Konni attack serves as a wake-up call for the cryptocurrency and cybersecurity community.
To protect against these sophisticated and constantly evolving attacks, the cryptocurrency industry needs to stay alert and proactively upgrade its security procedures. In particular, users are advised to update their WinRAR installation to the patched version.
Source credit : cybersecuritynews.com