As the ongoing COVID-19 (Coronavirus) pandemic spreads around the world, the unprecedented and evolving global situation has created numerous opportunities for threat actors to leverage the worldwide concern and anxiety in their nefarious campaigns. Cyberint Research is closely monitoring the cyber threats leveraging COVID-19 pandemic. As part of those activities, our team compiled a summary addressing the initial activities we detected.

Throughout 2019 CyberInt Research observed multiple events related to Konni, remote administration tool, observed in the wild since early 2014. The Konni malware family is potentially linked to APT37, a North-Korean cyber espionage group active since 2012. The group primary victims are South-Korean political organizations, as well as Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts of the Middle East.