
KONNI Adopts AI to Generate PowerShell Backdoors

Published 22/01/2026 18:22 · Modified 22/01/2026 20:32


Essential information

Published: 22/01/2026 18:22
Modified: 22/01/2026 20:32
Tags: 2026-01-22, ai-generated, apac, backdoor, blockchain, north korea, phishing, powershell, powershell backdoor, simplehelp, software developers
Related entities: 34 observables, 1 intrusion set (APT), 5 others

Description

A -linked threat actor known as KONNI has been observed conducting a campaign targeting and engineering teams, particularly those with expertise. The campaign uses backdoors and targets a broader range of countries in the region. The infection chain begins with a Discord-hosted link downloading a ZIP archive containing a PDF lure and a malicious LNK file. The LNK file deploys additional components, including the . The employs various anti-analysis techniques and establishes persistence through scheduled tasks. This campaign demonstrates KONNI's evolution in tactics and tooling, including the adoption of AI-assisted malware development.

External references