Hackers believed to work for the North Korean government have compromised the email account of a staff member of Russia’s Ministry of Foreign Affairs (MID) and deployed spear-phishing attacks against the country’s diplomats in other regions.
One of the targets was Sergey Alexeyevich Ryabko, the deputy foreign minister for the Russian Federation, among other things responsible for bilateral relations with North and South America.
The phishing campaign started since at least October 19, 2021, deploying Konni malware, a remote administration tool (RAT) associated with the cyber activity from North Korean hackers known as APT37 (or StarCruft, Group123, Operation Erebus, and Operation Daybreak).
Russian diplomatic targets
Cybersecurity firm Cluster25 last week published research about a phishing campaign towards the end of December 2021 that delivered Konni RAT to individuals in the Russian diplomatic apparatus.
The researchers found that the hackers used the New Year theme as a decoy in emails to staff at the Russian embassy in Indonesia.