According to Foresight News, the North Korean advanced persistent threat (APT) group Konni has been reported targeting the cryptocurrency industry for the first time, using a WinRAR vulnerability (CVE-2023-38831). Previously, the North Korean APT group Lazarus was known to target the cryptocurrency and finance-related industries. This attack marks the first time a North Korean group other than Lazarus has been found targeting the cryptocurrency sector.
In this attack, Konni used the WinRAR vulnerability (CVE-2023-38831) recently disclosed by Group-IB. This is also the first time an APT group has been discovered using this vulnerability in an attack.