Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks

A new phishing attack, believed to be orchestrated by the Konni threat actor with potential links to North Korea, uses a Russian-language Microsoft Word document to deliver malware and harvest sensitive information from compromised Windows hosts. The malware relies on a remote access trojan (RAT) for extracting information and executing commands on compromised devices. The incident follows a trend of threat actors from Asia, particularly China and North Korea, increasingly targeting Russia’s infrastructure.