Hackers believed to work for the North Korean government have compromised the email account of a staff member of Russia’s Ministry of Foreign Affairs (MID) and deployed spear-phishing attacks against the country’s diplomats in other regions.
One of the targets was Sergey Alexeyevich Ryabko, the deputy foreign minister for the Russian Federation, among other things responsible for bilateral relations with North and South America.
The phishing campaign started since at least October 19, 2021, deploying Konni malware, a remote administration tool (RAT) associated with the cyber activity from North Korean hackers known as APT37 (or StarCruft, Group123, Operation Erebus, and Operation Daybreak).
Read more…
Source: Bleeping Computer