HealthcareCISO

Hackers are using a phishing campaign to deploy KONNI malware, a remote access trojan (RAT), via Microsoft Word documents containing malicious Visual Basic Application (VBA) macro code, according to a recent Department of Homeland Security Cybersecurity and Infrastructure alert.

First observed in 2014, the malware has been linked to several campaigns tied to North Korea. There are also signficant links in code with the NOKKI malware family and some evidence that links KONNI to the APT37 hacking group.

KONNI is typically delivered through...