top of page
Search

New Attack Campaign Observed Possibly Linked to Konni/APT37 (North Korea)

The Securonix Threat Research (STR) team has been observing and investigating a new attack campaign exploiting high-value targets, including Czech Republic, Poland, and other countries. The attack campaign has been tracked by STR as STIFF#BIZON.




TARGETED COUNTRIES: Czechia, Poland


MALWARE FAMILIES: Konni, STIFF#BIZON


ATT&CK IDS: T1550 - Use Alternate Authentication Material, T1036 - Masquerading, T1102 - Web Service, T1547 - Boot or Logon Autostart Execution, T1530 - Data from Cloud Storage Object, T1007 - System Service Discovery, T1020 - Automated Exfiltration, T1027 - Obfuscated Files or Information, T1033 - System Owner/User Discovery, T1041 - Exfiltration Over C2 Channel, T1053 - Scheduled Task/Job, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1070 - Indicator Removal on Host, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1105 - Ingress Tool Transfer, T1113 - Screen Capture, T1119 - Automated Collection, T1132 - Data Encoding, T1134 - Access Token Manipulation, T1204 - User Execution, T1539 - Steal Web Session Cookie, T1543 - Create or Modify System Process, T1548 - Abuse Elevation Control Mechanism, T1555 - Credentials from Password Stores, T1560 - Archive Collected Data, T1566 - Phishing, T1569 - System Services, T1606 - Forge Web Credentials


Read More:

5 views

Comments


Commenting has been turned off.
bottom of page