An unknown group has targeted North Korean organizations with malware that would allow repeated access to systems.
Security researchers say the latest campaign—after a July 3 intercontinental ballistic missile test—is at least the fifth attack in three years, Dark Reading reported. That campaign used a copy-pasted news article about the missile launch to trick recipients into launching the malware, the security firm Talos reported.
At first, the Konni malware used in the campaign only gathered information, but it later evolved to include the ability to remotely take control of some seized accounts, according to Talos and another security firm Cylance. The malware is capable of logging keystrokes, capturing screens and uses advanced techniques to avoid detection, the firms reported.
“The motivation behind these campaigns is uncertain, however it does appear to be geared towards espionage against targets who would be interested in North Korean affairs,” Cylance researchers said.