A sophisticated multi-stage malware campaign linked to the North Korean Konni APT group has been detected targeting organizations primarily in South Korea. Security researchers uncovered the operation on April 29, 2025, revealing a complex attack chain designed to establish persistent access and exfiltrate sensitive information from compromised systems.

The infection chain begins when users interact with a weaponized, seemingly innocuous ZIP archive containing what appears to be a legitimate document but is actually a malicious .lnk shortcut that, when executed, triggers an obfuscated PowerShell script. Broadcom analysts identified the final payload as a sophisticated Remote Access Trojan (RAT) specifically engineered to establish persistence, collect system information, harvest directory listings, and exfiltrate the gathered data to compromised command-and-control servers.

The timing and targets suggest possible intelligence gathering motives, aligning with North Korea’s long-standing cyber espionage efforts against South Korean organizations. The campaign demonstrates the continued evolution of Konni’s capabilities and their persistent focus on South Korean entities. Security experts warn that the campaign could expand to additional targets across the region if left unchecked.
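For defenders triaging inbound archives, the ZIP, .lnk and PowerShell stages described above can be checked before a user ever opens the file. The following is an added example, not code from the article or from Broadcom; the function names, the double-extension heuristic and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Shell Link header: HeaderSize 0x4C, then the fixed LinkCLSID ([MS-SHLLINK]).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
MAX_READ = 1 << 20  # read cap per entry, so a hostile archive cannot exhaust memory

def mentions_powershell(blob: bytes) -> bool:
    """Shortcut strings are stored as ANSI or UTF-16LE, so search both."""
    low = blob.lower()
    return b"powershell" in low or "powershell".encode("utf-16-le") in low

def triage_zip(data: bytes) -> list:
    """Return one finding per archive entry that is, or is named like, a shortcut."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            by_name = info.filename.lower().endswith(".lnk")
            try:
                with zf.open(info) as fh:
                    blob = fh.read(MAX_READ)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                blob = b""  # encrypted, unsupported or corrupt entry: judge by name only
            by_magic = blob.startswith(LNK_MAGIC)
            if not (by_name or by_magic):
                continue
            base = info.filename.rsplit("/", 1)[-1]
            findings.append({
                "entry": info.filename,
                "lnk_header": by_magic,  # True even if the entry was renamed
                # Assumption: "disguised" means a document-style name such as x.pdf.lnk.
                "double_extension": by_name and base.count(".") >= 2,
                "mentions_powershell": mentions_powershell(blob),
            })
    return findings

def build_sample() -> bytes:
    """Constructed archive: a decoy text file and a shortcut-like entry."""
    lnk = LNK_MAGIC + b"\x00" * 56 + "PowerShell.exe <placeholder>".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed decoy")
        zf.writestr("docs/report.pdf.lnk", lnk)
    return buf.getvalue()

if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

A finding with `lnk_header` set and `mentions_powershell` set is a strong quarantine signal at a mail or web gateway; the string search will miss shortcuts whose arguments hide the interpreter name, so treat a negative as inconclusive.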
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 30 Apr 2025 13:20:07 +0000