Lovers Spat? North Korea Backdoors Russian Foreign Affairs Ministry

Published: 23/11/2024   Category: security




First Brad and Jennifer, now Kim and Putin? Romance truly is dead, as North Korea is caught spying (again) on its partner to the north with the Konni malware.



North Korean state hackers appear to be spying on Russia, by planting a backdoor inside of bespoke, internal government software.
In mid-January 2024, a sample of the Konni backdoor was uploaded to VirusTotal. More interesting than the gift, though, was the wrapping — it came bundled inside of a Russian-language installer, apparently associated with a tool called Statistika KZU (Cтатистика КЗУ).
Upon further investigation, researchers from Berlin's DCSO CyTec were unable to find any public record or even references to Statistika KZU. Based on install paths, file metadata, and user manuals included in the installer, however, they deduced that it is a platform built for internal use within Russia's Ministry of Foreign Affairs (MID). Specifically, officials use it to securely relay annual statistical reports from overseas consular posts (the researchers did note that they were unable to conclusively confirm its legitimacy, as they were unable to independently test the program's functionality).
"The use of a backdoor in software used almost exclusively by the Russian Foreign Ministry stands out," says John Bambenek, president at Bambenek Consulting. "It shows that the DPRK did their research here for a very specific hook into their victims, and is, ironically, a more targeted and precise adaptation of the approach Russian intelligence used with NotPetya."
Russia and North Korea have a longstanding friendship, as strong today as ever. Even its cybercriminals are friends.
And yet, behind the scenes, Kim Jong-Un's hackers have an extensive history of spying on their northern neighbors.
For no less than half a decade, state hackers have been carrying out attacks specifically targeting Russian companies. They've continued with similar activity ever since, aiming campaigns against diplomats and policy experts, the military, and more. Konni has taken center stage in a number of these incidents, including a broad 2018 campaign which swept up Russian-speaking individuals and businesses.
In fact, this latest Konni case may only have been possible thanks to prior information-gathering efforts.
In its blog post, DCSO wondered how the DPRK could've even known about internal Russian government software. "We are unable to offer any concrete conclusions in this regard," they wrote, but added that Konni-linked activity targeting Russian foreign policy end-targets including the MID has been observed for many years, potentially providing many opportunities for internal tool identification and subsequent acquisition or exfiltration for backdooring purposes.
Spying on one's friends may be uncouth, but it is not uncommon for intelligence agencies to spy even on their putative allies, if for nothing else, for insights to either strengthen the relationship or to identify and mitigate threats to the relationship, Bambenek points out.
