Research Saturday 2.5.22
Ep 218 | 2.5.22

The persistent and patient nature of advanced threat actors.

Show Notes

Guest Danny Adamitis from Black Lotus Labs joins Dave to discuss their team's new research "New Konni Campaign Kicks the New Year Off by Targeting Russian Ministry of Foreign Affairs." Black Lotus Labs, the threat research team of Lumen Technologies, uncovered a series of targeted actions against the Russian Federation’s Ministry of Foreign Affairs (MID). Based upon the totality of information available and the close correlation with prior reporting, we assess with moderate confidence these actions leveraged the Konni malware, which has previously been associated with the Democratic People’s Republic of Korea, and were undertaken to establish access to the MID network for the purpose of espionage. This activity cluster demonstrates the patient and persistent nature of advanced actors in waging multi-phased campaigns against perceived high-value networks. After gaining access through stolen credentials, the actor was able to exploit trusted connections to distribute and load the malware, first by impersonating a government software program coinciding with new Covid mandates, and then through sending trojanized files from a compromised account.

The research can be found here: