Analysis of Konni RAT: Stealth, Persistence, and Anti-Analysis Techniques
2025-03-28 • Cyfirma
In February 2024, Konni RAT was embedded in software used by the Russian Ministry of Foreign Affairs to target sensitive systems, while in November 2023 phishing attacks used malicious documents to deploy the malware, enabling attackers to exfiltrate data and execute remote commands. The malware is known for its sophisticated capabilities, including data exfiltration, command execution, persistence through UAC bypass and registry modifications, and encrypted communication with its command-and-control (C2) servers. It abuses default Windows features, such as Windows Explorer’s hiding of known file extensions and the 260-character limit in LNK files, so that its commands run without the user noticing. Recent campaigns have shown Konni RAT’s evolving tactics, such as embedding itself within backdoored software installers or leveraging malicious macro-enabled Word documents to gain access.
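A defender-side check for the two Explorer-display tricks mentioned above, added here as an example and not taken from the Cyfirma report: it parses the StringData fields of a Shell Link (.lnk) file and flags a document-like double extension or a COMMAND_LINE_ARGUMENTS string longer than the 260 characters the text says Explorer shows. The `parse_lnk` and `lnk_indicators` functions, the `build_lnk` helper (which constructs sample data) and the cp1252 code page used for non-Unicode strings are assumptions of this example.

```python
import struct

# LinkFlags bits from the MS-SHLLINK Shell Link Binary File Format
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_DATA = (("name", HAS_NAME), ("relative_path", HAS_RELPATH),
               ("working_dir", HAS_WORKDIR), ("arguments", HAS_ARGS),
               ("icon_location", HAS_ICON))
VISIBLE_LIMIT = 260              # characters of the target line Explorer displays
DOC_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".hwp"}

def parse_lnk(data: bytes) -> dict:
    """Walk the fixed header, skip IDList/LinkInfo and return the StringData fields."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & HAS_IDLIST:                       # IDListSize excludes its own 2 bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:                     # LinkInfoSize includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields, width = {}, 2 if flags & IS_UNICODE else 1
    for name, bit in STRING_DATA:                # fixed order per the specification
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        raw = data[pos + 2:pos + 2 + count * width]
        fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")  # cp1252 assumed
        pos += 2 + count * width
    return fields

def lnk_indicators(filename: str, data: bytes) -> list:
    """Flag a hidden document-like extension and arguments past Explorer's display limit."""
    findings = []
    stem = filename[:-4] if filename.lower().endswith(".lnk") else filename
    if "." in stem and "." + stem.rsplit(".", 1)[1].lower() in DOC_EXTENSIONS:
        findings.append("document-like double extension: " + filename)
    args = parse_lnk(data).get("arguments", "")
    if len(args) > VISIBLE_LIMIT:
        findings.append("arguments exceed %d chars; hidden tail: %r"
                        % (VISIBLE_LIMIT, args[VISIBLE_LIMIT:].strip()[:40]))
    return findings

def build_lnk(arguments: str) -> bytes:
    """Construct a minimal Unicode .lnk carrying only COMMAND_LINE_ARGUMENTS (sample data)."""
    clsid = bytes.fromhex("0114020000000000c000000000000046")   # ShellLink CLSID
    header = struct.pack("<I16sI", 0x4C, clsid, IS_UNICODE | HAS_ARGS).ljust(0x4C, b"\x00")
    return header + struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
```

Real-world triage would additionally inspect the LinkTargetIDList and ExtraData blocks, which this example skips.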