Konni, a hacker group from North Korea, has reportedly exploited the WinRAR vulnerability to target the crypto industry.
While this is the first known major attack on the crypto industry attributed to Konni, the group has now become, after Lazarus Group, another North Korean hacking entity that the sector must treat as a threat.
In a statement on Seebug, the Chinese security firm Chuangyu 404 Lab reveals that another infamous APT organization from North Korea has used the WinRAR vulnerability to attack the crypto industry.
The Chuangyu 404 team shares evidence and analysis of a potential attack using this vulnerability, which could cause severe damage in the digital currency industry.
According to the team, this new method of attack lures victims into opening what looks like a screenshot of a wallet inside an archive. When WinRAR opens the file, it also looks for a directory in the archive with the same name as the file and executes the malicious code placed in that directory.
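The mechanism described above, a benign-looking file sitting next to a same-named directory that holds the real payload, leaves a signature in the archive listing that a defender can check for before anything is extracted. The following script is an added example written for this article; it is not code from Chuangyu 404 Lab or from WinRAR. It assumes ZIP archives (which WinRAR also opens and which Python's standard library can read, unlike RAR), it assumes that stripping trailing spaces and folding case is the right way to compare lookalike names, and the sample archives it builds are constructed with harmless placeholder contents.

```python
"""Heuristic scanner for the CVE-2023-38831-style layout: a file entry and a
directory entry in the same archive whose names match once trailing spaces
and letter case are ignored.  Added example; the name-normalisation rule is
an assumption, not a description of WinRAR internals."""

import io
import sys
import zipfile
from typing import Dict, List, Tuple


def _norm(component: str) -> str:
    # Assumption: trailing spaces and case are what let a lookalike name slip
    # past the user, so "Wallet.png " and "wallet.png" compare equal here.
    return component.rstrip(" ").lower()


def find_same_name_collisions(names: List[str]) -> List[Tuple[str, str]]:
    """Return (file_entry, directory_entry) pairs that share a normalised path.

    Works on a plain list of entry names so it can be reused with any archive
    lister that yields forward-slash paths (directories end with '/')."""
    files: Dict[str, str] = {}   # normalised path -> original file entry
    dirs: Dict[str, str] = {}    # normalised path -> original directory path

    for name in names:
        is_dir = name.endswith("/")
        comps = (name[:-1] if is_dir else name).split("/")
        comps = [c for c in comps if c != ""]
        if not comps:
            continue
        # Every prefix that is followed by a separator is a directory, whether
        # or not the archive stored an explicit directory entry for it.
        dir_depths = len(comps) + (1 if is_dir else 0)
        for depth in range(1, dir_depths):
            key = "/".join(_norm(c) for c in comps[:depth])
            dirs.setdefault(key, "/".join(comps[:depth]) + "/")
        if not is_dir:
            key = "/".join(_norm(c) for c in comps)
            files.setdefault(key, name)

    return [(files[k], dirs[k]) for k in sorted(files.keys() & dirs.keys())]


def scan_zip_bytes(data: bytes) -> List[Tuple[str, str]]:
    """Scan an in-memory ZIP and report suspicious file/directory name pairs."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return find_same_name_collisions(zf.namelist())


def build_sample_archives() -> Tuple[bytes, bytes]:
    """Constructed samples: a benign archive and one with the suspicious layout.
    Contents are placeholder text, not images and not executable code."""
    benign = io.BytesIO()
    with zipfile.ZipFile(benign, "w") as zf:
        zf.writestr("wallet.png", b"placeholder, not really an image")
        zf.writestr("notes/readme.txt", b"plain text")

    suspicious = io.BytesIO()
    with zipfile.ZipFile(suspicious, "w") as zf:
        # Lookalike file with a trailing space, plus a same-named directory.
        zf.writestr("wallet.png ", b"placeholder, not really an image")
        zf.writestr("wallet.png /placeholder.txt", b"harmless placeholder")

    return benign.getvalue(), suspicious.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            hits = scan_zip_bytes(fh.read())
    else:
        _, sample = build_sample_archives()
        hits = scan_zip_bytes(sample)
    for file_entry, dir_entry in hits:
        print(f"SUSPICIOUS: file {file_entry!r} shadows directory {dir_entry!r}")
    print("clean" if not hits else f"{len(hits)} suspicious pair(s)")
```

Run it with a path to a ZIP to scan that file, or with no arguments to see it flag the constructed sample. Because `find_same_name_collisions` only needs entry names, the same check can be fed the output of any RAR lister that prints forward-slash paths, which is the realistic mail-gateway or endpoint use.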
“This is also the first time that an APT organization has used this vulnerability to attack,” the Chuangyu 404 team said. APT attacks differ from ordinary exploits in that they use more sophisticated intrusion methods.
The vulnerability, tracked as CVE-2023-38831, was disclosed by the Singapore-based cybersecurity firm Group-IB. WinRAR later released a patch to fix the issue, but users who had not updated to the patched version remained at risk.