The People who has an interest in the North Korean Missile Program and if they are curious to know about capabilities of the recently tested North Korean long-range missile could be a target of a new malware campaign.
North Korea claims to have conducted the first test of an intercontinental ballistic missile (ICBM), the Hwasong-14, on 3rd July. As soon as the news is out hackers have started utilizing the news to target people interested in North Korean missile arsenal with the help of KONNI malware.
Experts say the KONNI malware evolved from a simple infostealer that could only dump and exfiltrate clipboard and browser data, into a full blown Remote Access Trojan (RAT) that could also take screenshots, get the system information, including hostname, IP address, username, OS version and installed software, as well as execute malicious code on the infected computer.
According to sources, The hackers use an email attachment as the initial infection vector to deliver the Trojan through an executable file, which when opened displays an MS Office document that disguised as an article about the test missile launch.
In order to stay protected from such malware is always be suspicious of uninvited documents sent over an email and never click on links inside those documents unless verifying the source & keep your systems and antivirus updated to protect against any latest threat.