North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim’s KakaoTalk desktop application to distribute malicious payloads to certain contacts.
The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni.
“Initial access was achieved through a spear-phishing email disguised as a
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
