20230727_threat_inteligence_report_Konni.pdf (3 MB)

Genians reported a Konni APT campaign that impersonated South Korea's National Tax Service postal notification service to deliver a ZIP file requesting explanatory materials. The attack used an LNK file disguised with an HWP-related filename and overlapped with other domestic lures, including payroll documents, CHM malware, and Fair Trade Commission survey notifications. Genians assessed the activity as consistent with Konni TTPs and part of continuing North Korea-linked operations in South Korea, with interest in financial information and broader targeting beyond North Korea-focused personnel.