Konni Group Targets Bitcoin Traders With Phishing Campaign

The Konni threat group, also known as APT37 and Red Eyes, launched a malicious phishing campaign targeting Bitcoin traders. They gained initial access using a zip file containing a malicious LNK file and a decoy PDF file. The group used multiple BAT files and obfuscated PowerShell commands to establish persistence through a registry Run key, download additional malicious files, delete files, compress files, and collect and send sensitive information to command and control servers.
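The persistence mechanism described above (a registry Run key that launches a BAT file or an obfuscated PowerShell command) is something a defender can audit directly. The following Python script is an added example, not code from the original report or from any vendor analysis of this campaign: it parses the output of `reg query` for a Run key, decodes any `-EncodedCommand` payload so the analyst can read it in plain text, and flags the traits the summary mentions (batch scripts started from user-writable paths, hidden PowerShell windows, execution-policy bypass). The registry listing and the encoded command are constructed sample data, not indicators from the campaign.

```python
import base64
import re
from typing import Dict, List, Optional

# One line of `reg query <key>` output: "    Name    REG_SZ    data"
REG_LINE = re.compile(r"^\s+(\S.*?)\s{2,}(REG_\w+)\s{2,}(.*)$")
ENCODED_FLAG = re.compile(r"^-(e|ec|enc|encodedcommand)$", re.I)
HIDDEN_FLAG = re.compile(r"^-(w|win|windowstyle)$", re.I)
POLICY_FLAG = re.compile(r"^-(ep|exec|executionpolicy)$", re.I)
# Directories an ordinary user can write to; a scheduled script living there
# is a common sign of user-level persistence rather than installed software.
USER_WRITABLE = re.compile(r"\\(appdata|temp|public|programdata)\\", re.I)

# Constructed sample: a harmless command encoded the way `-enc` expects (UTF-16LE, base64).
SAMPLE_ENCODED = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()

# Constructed sample of a Run key dump; the OneDrive entry is the benign control.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    WindowsUpdateSvc    REG_SZ    cmd.exe /c "C:\Users\alice\AppData\Roaming\Update\start.bat"
    SecurityHealth    REG_SZ    powershell.exe -NoP -W Hidden -ExecutionPolicy Bypass -enc <B64>
""".replace("<B64>", SAMPLE_ENCODED)


def parse_reg_query(text: str) -> Dict[str, str]:
    """Turn `reg query` output into {value name: command line}."""
    values: Dict[str, str] = {}
    for line in text.splitlines():
        m = REG_LINE.match(line)
        if m:
            values[m.group(1)] = m.group(3)
    return values


def decode_encoded_command(b64: str) -> Optional[str]:
    """Decode a PowerShell -EncodedCommand argument; None if it is not valid base64/UTF-16LE."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def audit_run_value(command: str) -> List[str]:
    """Return human-readable findings for one Run key command line (empty list = nothing notable)."""
    findings: List[str] = []
    lowered = command.lower()

    if "powershell" in lowered or "pwsh" in lowered:
        tokens = command.split()
        for i, tok in enumerate(tokens):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            if ENCODED_FLAG.match(tok):
                decoded = decode_encoded_command(nxt)
                if decoded is None:
                    findings.append("encoded PowerShell command that failed to decode")
                else:
                    findings.append(f"encoded PowerShell command; decodes to: {decoded!r}")
            elif HIDDEN_FLAG.match(tok) and nxt.lower().startswith("hidden"):
                findings.append("PowerShell started with a hidden window")
            elif POLICY_FLAG.match(tok) and nxt.lower() in ("bypass", "unrestricted"):
                findings.append("PowerShell execution policy bypassed")
            elif tok.lower() in ("-nop", "-noprofile"):
                findings.append("PowerShell run without profile")

    # A .bat/.cmd launched from a user-writable directory matches the BAT-based
    # persistence the summary describes; installed software rarely does this.
    if re.search(r"\.(bat|cmd)\b", lowered) and USER_WRITABLE.search(command):
        findings.append("batch script launched from a user-writable path")
    return findings


def audit_run_key(values: Dict[str, str]) -> Dict[str, List[str]]:
    """Audit every Run value; only entries with at least one finding are returned."""
    report = {name: audit_run_value(cmd) for name, cmd in values.items()}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in audit_run_key(parse_reg_query(SAMPLE_REG_QUERY)).items():
        print(name)
        for f in findings:
            print("  -", f)
```

On a live host the same function can be fed the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` (and the HKLM equivalent); decoding the `-enc` payload is what turns an opaque Run value into something that can be matched against the download and exfiltration behaviour the summary describes.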