First Brad and Jennifer, now Kim and Putin? Romance truly is dead, as North Korea is caught spying (again) on its partner to the north with the Konni malware.
February 23, 2024 By Nate Nelson
North Korean state hackers appear to be spying on Russia, by planting a backdoor inside of bespoke, internal government software.
In mid-January 2024, a sample of the Konni backdoor was uploaded to VirusTotal. More interesting than the gift, though, was the wrapping — it came bundled inside of a Russian-language installer, apparently associated with a tool called "Statistika KZU" (Cтатистика КЗУ).
Upon further investigation, researchers from Berlin's DCSO CyTec were unable to find any public record or even references to Statistika KZU. Based on install paths, file metadata, and user manuals included in the installer, however, they deduced that it is a platform built for internal use within Russia's Ministry of Foreign Affairs (MID). Specifically, officials use it to securely relay annual statistical reports from overseas consular posts (the researchers did note that they were unable to conclusively confirm its legitimacy, as they were unable to independently test the program's functionality).
