SlowMist CISO: North Korean APT organization Konni exploited the WinRAR vulnerability to attack the digital currency industry for the first time

Odaily News Slow Mist Chief Information Security Officer (CISO) 23pds posted on the The North Korean APT organization Lazarus has already targeted the digital currency industry, mainly targeting cryptocurrency/financial related industries. However, this attack revealed for the first time that in addition to the Lazarus organization, North Korea has other organizations targeting the cryptocurrency industry. In this attack, Konni used the WinRAR vulnerability (CVE-2023-38831) recently disclosed by Group-IB. This is also the first time that an APT organization has been found to use this vulnerability to attack. According to Lenovo, the recent attacks on Stake.com, CoinEX, etc. fully demonstrate that North Korean hackers are disclosing large-scale attacks on cryptocurrency trading platforms, etc. Users need to be more vigilant.