Home Security North Korean Hackers Weaponizing Open-Supply Software program in Newest Cyber Assaults

North Korean Hackers Weaponizing Open-Supply Software program in Newest Cyber Assaults

by crpt os


A “highly operational, destructive, and sophisticated nation-state activity group” with ties to North Korea has been weaponizing open source software in their social engineering campaigns aimed at companies around the world since June 2022.

Microsoft’s threat intelligence teams, alongside LinkedIn Threat Prevention and Defense, attributed the intrusions with high confidence to Zinc, which is also tracked under the names Labyrinth Chollima.

Attacks targeted employees in organizations across multiple industries, including media, defense and aerospace, and IT services in the U.S., the U.K., India, and Russia.

CyberSecurity

The tech giant said it observed Zinc leveraging a “wide range of open-source software including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording software installer for these attacks.”

According to CrowdStrike, Zinc “has been active since 2009 in operations aimed at collecting political, military, and economic intelligence on North Korea’s foreign adversaries and conducting currency generation campaigns.”

The latest findings dovetail with a recent report from Google-owned Mandiant, which uncovered the adversary’s use of PuTTY via fraudulent job lures shared with potential targets on LinkedIn as part of a campaign dubbed Operation Dream Job.

This involves establishing initial connections with individuals by posing as recruitment professionals as a trust-building exercise, before moving the conversation to WhatsApp, where a tailored lure document or seemingly benign software is shared, effectively activating the infection sequence.

A successful compromise is followed by the threat actor moving laterally across the network and exfiltrating collected information of interest by deploying a backdoor called ZetaNile (aka BLINDINGCAN OR AIRDRY).

CyberSecurity

But in a bid to evade security defenses and avoid raising red flags, the implant is downloaded only when the victim uses the SSH clients to connect to a particular IP address through the credentials specified in a separate text file.

Likewise, attacks employing the trojanized version of TightVNC Viewer are configured to install the backdoor only when the user selects a particular remote host from the options provided.

“Zinc attacks appear to be motivated by traditional cyberespionage, theft of personal and corporate data, financial gain, and corporate network destruction,” the company said.

“Zinc attacks bear many hallmarks of state-sponsored activities, such as heightened operational security, sophisticated malware that evolves over time, and politically motivated targeting.”





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex