
Opal Sleet

aka: Konni, OSMIUM, Vedalia

Konni is a threat actor associated with APT37, a North Korean cyber crime group. They have been active since 2012 and are known for their cyber-espionage activities. Konni has targeted various sectors, including education, government, business organizations, and the cryptocurrency industry. They have exploited vulnerabilities such as CVE-2023-38831 and have used malware like KonniRAT to gain control of victim hosts and steal important information.


Associated Families

There are currently no families associated with this actor.


References
2023-11-10 | NSFOCUS | NSFOCUS
The New APT Group DarkCasino and the Global Surge in WinRAR 0-Day Exploits
Cobalt Strike, Konni, DarkCasino, Opal Sleet

2023-09-13 | Seebug Paper | Nan, XWS
Analysis of the recent offensive operations conducted by North Korean APT groups
Opal Sleet

2022-10-04 | Rewterz Information Security | Rewterz Information Security
Rewterz Threat Alert – KONNI APT Group – Active IOCs
Konni, Opal Sleet

2022-07-20 | Securonix Threat Labs | Den Iyzvyk, Oleg Kolesnikov, Tim Peck
STIFF#BIZON Detection Using Securonix – New Attack Campaign Observed Possibly Linked to Konni/APT37 (North Korea) - Securonix
Konni, Opal Sleet

Credits: MISP Project