CISA Alert: Phishing Emails Used to Deploy KONNI Malware

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert advising that is has observed cyber actors using emails containing a Microsoft Word document with a malicious Visual Basic Application (VBA) macro code to deploy KONNI malware. KONNI is a remote administration tool (RAT) used by malicious cyber actors to steal files, capture keystrokes, take screenshots, and execute arbitrary code on infected hosts. The alert contains technical details of the activity, including techniques categorized by the MITRE ATT&CK framework, as well as a list of mitigation measures CISA recommends that users and administrators consider to strengthen the security posture of their organization’s systems. Read the advisory at CISA.