VERY IMPORTANT

In April 2024, S2W's Threat Research and Intelligence Center TALON analyzed a malicious LNK file disguised as a list of tax evasion explanatory documents. The LNK file executed a PowerShell command to download and run an AutoIt script-based Lilith RAT malware from an attacker's server, which establishes a reverse shell on the infected system. Similarities between this campaign and KONNI group's tactics, such as command obfuscation and the use of AutoIt-ported malware, suggest the threat actor behind this attack could be linked to KONNI.