Konni Campaign Distributed Via Malicious Document
Fortinet News, Monday, November 20, 2023
FortiGuard Labs recently identified the use of a Russian-language Word document equipped with a malicious macro in the ongoing Konni campaign. Despite the document's creation date of September, ongoing activity on the campaign's C2 server is evident in internal telemetry.
This campaign relies on a remote access trojan (RAT) capable of extracting information and executing commands on compromised devices. Operating for several years, this campaign employs diverse strategies for initial access, payload delivery, and establishing persistence within victims' networks. In this blog, we will elaborate on the behavior of the malware at each stage.