The North Korean hacker group APT37 attacked the Russian Foreign Ministry and its employees in late 2021 and subsequently compromised the account of a government employee, US information security experts have reported.
According to researchers at US cybersecurity companies Cluster25 and Black Lotus Labs, whose findings were later reported by Moscow daily Kommersant, a phishing campaign targeted the Ministry back in October. The researchers claim that some employees were sent archives of documents and asked to provide vaccination details, while others were sent links to malware disguised as software the Russian government uses to collect Covid vaccination statuses. As a result, one account was compromised.
From the compromised address, hackers managed to send a phishing email to Russian Deputy Minister Sergey Ryabkov on December 20 and also targeted the Russian Embassy in Indonesia.
APT37 is well known for using software called Konni, a remote administration tool. It has reportedly been used to target South Korea, as well as political organizations in Japan, India, and China, among other countries. According to Kommersant, the group has been around since at least 2017.