Konni is a apt_group tracked across 20 threat clusters and 34 intelligence report mentions on ThreatCluster. First observed November 10, 2025; most recent activity May 28, 2026.
ESET's latest APT Activity Report reveals that from October 2025 to March 2026, China-aligned threat actors engaged in extensive espionage campaigns, particularly in Venezuela and the Gulf region. Following U.S.…
North Korea-linked hackers from the Konni group executed a spear-phishing campaign utilizing the KakaoTalk messaging platform to distribute malware and steal sensitive information. The campaign involved sending emails…
Recent reports detail the tactics employed by various cyber adversaries to enumerate files and directories on compromised systems. Adversaries utilize command shell utilities and custom tools to gather sensitive…
A North Korea-linked hacking group has executed a new cyberattack capable of remotely controlling Android smartphones and PCs, leading to data deletion and malware distribution. The attack, attributed to groups Kimsuky…
Microsoft has mitigated a high-severity Windows LNK vulnerability, tracked as CVE-2025-9491, which has been exploited by state-backed and cybercrime groups in zero-day attacks. This flaw allows attackers to hide…
Five individuals have pleaded guilty to facilitating North Korean operatives in obtaining remote IT jobs at U.S. companies by using false and stolen identities. The U.S. Department of Justice has also seized $15 million…
The North Korean hacker group Konni is utilizing AI-generated PowerShell malware to target developers and engineers in the blockchain sector. This campaign is linked to APT37 and Kimsuky activity clusters, with Konni…
In September 2025, the North Korea-linked APT group Konni, also known as Kimsuky, targeted users by posing as counselors to steal data and wipe Android phones using Google Find Hub. The attacks also affected Windows…
The FBI has issued a warning about the North Korean hacker group Kimsuky employing malicious QR codes in spear-phishing campaigns targeting U.S. organizations. The attacks focus on entities involved in North…
South Korean authorities suspect that North Korea's Lazarus Group was behind a hack of Upbit, resulting in losses of approximately $30.4 million. The breach involved unusual activity in Solana tokens and led Upbit to…