North Korea Campaigns Show Link Between KONNI and DarkHotel
Security Week | August 09, 2017
Decoy documents used in two recent cyber espionage campaigns apparently aimed at entities linked to North Korea show a connection between the DarkHotel attacks and a piece of malware named KONNI. KONNI is a remote access trojan (RAT) that managed to stay under the radar for more than 3 years. The malware has evolved over the past years and it’s currently capable of logging keystrokes, stealing files, capturing screenshots, and collecting information about the infected machine.