Phishing Emails Used to Deploy KONNI Malware

The Cybersecurity and Infrastructure Security Agency (CISA) has observed cyber actors using emails containing a Microsoft Word document with a malicious Visual Basic Application (VBA) macro code to deploy KONNI malware. KONNI is a remote administration tool (RAT) used by malicious cyber actors to steal files, capture keystrokes, take screenshots, and execute arbitrary code on infected hosts.

Further information including screenshots, downloadable Indicators of Compromise (IOCs), and recommendations can be found at the link below.

Categories: Uncategorized