FortiGuard Labs recently identified the use of a Russian-language Word document equipped with a malicious macro in the ongoing Konni campaign.
Despite the document’s creation date of September, ongoing activity on the campaign’s C2 server is evident in internal telemetry. This campaign relies on a remote access trojan (RAT) capable of extracting information and executing commands on compromised devices. Operating for several years, this campaign employs diverse strategies for initial access, payload delivery, and establishing persistence within victims’ networks.
Read more…
Source: Fortinet