| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Konni is a threat actor associated with APT37, a North Korean cyber crime group. They have been active since 2012 and are known for their cyber-espionage activities. Konni has targeted various sectors, including education, government, business organizations, and the cryptocurrency industry. They have exploited vulnerabilities such as CVE-2023-38831 and have used malware like KonniRAT to gain control of victim hosts and steal important information.
There are currently no families associated with this actor.
| 2023-11-10
⋅
NSFOCUS
⋅
The New APT Group DarkCasino and the Global Surge in WinRAR 0-Day Exploits Cobalt Strike Konni DarkCasino Opal Sleet |
| 2023-09-13
⋅
Seebug Paper
⋅
Analysis of the recent offensive operations conducted by North Korean APT groups Opal Sleet |
| 2022-10-04
⋅
Rewterz Information Security
⋅
Rewterz Threat Alert – KONNI APT Group – Active IOCs Konni Opal Sleet |
| 2022-07-20
⋅
Securonix Threat Labs
⋅
STIFF#BIZON Detection Using Securonix – New Attack Campaign Observed Possibly Linked to Konni/APT37 (North Korea) - Securonix Konni Opal Sleet |