North Korean Group “KONNI” Targets The Russian Diplomatic Sector With New Versions Of Malware Implants

2022-01-03 Cluster25

https://cluster25.io/2022/01/03/konni-targets-the-russian-diplomatic-sector/

Attachments

Konni_targeting_Russian_diplomatic_sector.pdf (3 MB)

Cluster25 attributes a spear-phishing attack against the Russian diplomatic sector to the North Korean APT group Konni. The campaign used a New Year's Eve-themed malicious email attachment as the lure, and execution of the attachment triggered a multi-stage infection chain. The chain ultimately installed a new Konni RAT-family implant, giving the actor access to the victim system. The preserved source excerpt is brief, but it supports the core findings of DPRK-linked attribution, Russian diplomatic targeting, spear-phishing delivery, and staged malware deployment.
