SlowMist CISO: North Korean APT organization Konni used the WinRAR vulnerability to attack the cryptocurrency industry for the first time. Users need to be vigilant

According to BlockBeats news, on September 15, SlowMist Chief Information Security Officer 23pds issued an article saying that according to feedback from the Chuangyu threat intelligence team, the North Korean APT organization Konni exploited the WinRAR vulnerability (CVE-2023-38831) to attack the digital currency industry for the first time. The North Korean APT organization Lazarus has already targeted the digital currency industry, mainly targeting cryptocurrency/financial related industries. However, this attack was the first to discover that in addition to the Lazarus organization, North Korea has other organizations targeting the cryptocurrency industry. In this attack, Konni used the WinRAR vulnerability (CVE-2023-38831) recently disclosed by Group-IB. This is also the first time that an APT organization has been found to use this vulnerability to attack. Lenovo's recent attacks on Stake and Coinex fully demonstrate that North Korean hackers are disclosing large-scale attacks on cryptocurrency trading platforms, etc. Users need to be more vigilant.