New variant of Konni malware used in campaign targeting Russia
released on 2021-08-24 @ 02:03:21 PM
In late July 2021, Malwarebytes identified an ongoing spear phishing campaign pushing Konni RAT to target Russia. Konni was first observed in the wild in 2014 and has been potentially linked to the North Korean APT group named APT37.
Malwarebytes discovered two documents written in Russian and weaponized with the same malicious macro. One of the lures is about trade and economic issues between Russia and the Korean Peninsula. The other is about a meeting of the intergovernmental Russian-Mongolian commission.
In this blog post, Malwarebytes provides an overview of this campaign, which uses two different UAC bypass techniques and clever obfuscation tricks to remain under the radar.