Open source software hijacked by North Korean hackers

Infamous North Korean threat actor Lazarus Group has been observed running a highly targeted malware campaign that pairs trojanized builds of popular open-source software with spear-phishing. The upstream projects themselves were not breached; the attackers distributed their own modified copies of the legitimate programs.

As a result, it has managed to compromise "numerous" organizations in the media, defense and aerospace, and IT services industries, a report from Microsoft has concluded.

The company says Lazarus (or ZINC, as it dubs the group) planted malicious code that installs spyware into copies of PuTTY, among other open-source applications. PuTTY is a free and open-source terminal emulator, serial console, and network file transfer application for Windows.

Installing ZetaNile

But a trojanized copy of open-source software doesn't by itself get an attacker onto a target organization's endpoints: someone still has to download and run it. That's where spear-phishing comes in. Through highly targeted social engineering on LinkedIn, the threat actors persuade specific individuals at target companies to download and run the trojanized application. The group's members pose as recruiters on LinkedIn, offering lucrative job opportunities.

The trojanized application is built to evade detection: it behaves like the legitimate program until it connects to a specific IP address and logs in with a specific set of credentials. Only then does it deploy the ZetaNile espionage malware, so a sandbox or analyst who simply launches the binary sees nothing malicious.

Besides PuTTY, Lazarus distributed trojanized builds of KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording.
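The practical defence against a trojanized download is to check the file you were handed against what the project itself publishes, rather than trusting whoever sent it. The script below is an added example, not code from the article or from Microsoft's report. It parses a sha256sums-style manifest of the kind PuTTY publishes on its official download page, compares the download's SHA-256 against it in constant time, and, as a secondary triage signal, parses the PE header to see whether the binary carries an Authenticode signature directory at all. The manifest text and the minimal PE images are constructed inside the script for demonstration; they are not real release hashes or binaries.

```python
"""Triage a downloaded "PuTTY"-style binary before running it.

Added example, not code from the article or from Microsoft's report. It assumes
the vendor publishes a sha256sums-style manifest (PuTTY does, on its official
download page); the manifest text and the PE images below are constructed here
for demonstration and are not real release values.
"""
import hashlib
import hmac
import struct


def parse_manifest(text: str) -> dict:
    """Parse `<hex sha256>  <filename>` lines (sha256sum format; '*' marks binary mode)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        if len(digest) == 64 and name:
            entries[name] = digest.lower()
    return entries


def verify_download(filename: str, data: bytes, manifest_text: str) -> bool:
    """True only if the file is listed in the vendor manifest and its SHA-256 matches."""
    expected = parse_manifest(manifest_text).get(filename)
    if expected is None:
        return False  # unlisted filename: a renamed or extra binary is not trusted by default
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(expected, actual)


def has_authenticode_signature(data: bytes) -> bool:
    """True if the PE's Security data directory points at a certificate blob inside the file.

    This only shows that a signature is present; it does not validate the chain.
    """
    try:
        if data[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return False
        coff = e_lfanew + 4
        (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
        opt = coff + 20
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic == 0x10B:        # PE32: data directories start at optional-header offset 96
            dirs = opt + 96
        elif magic == 0x20B:      # PE32+: data directories start at optional-header offset 112
            dirs = opt + 112
        else:
            return False
        (num_dirs,) = struct.unpack_from("<I", data, dirs - 4)   # NumberOfRvaAndSizes
        security = dirs + 4 * 8   # IMAGE_DIRECTORY_ENTRY_SECURITY is index 4
        if num_dirs <= 4 or security + 8 > opt + size_of_optional:
            return False
        offset, size = struct.unpack_from("<II", data, security)  # a file offset, not an RVA
        return size > 0 and offset > 0 and offset + size <= len(data)
    except struct.error:
        return False


def build_minimal_pe(signed: bool) -> bytes:
    """Constructed PE32+ header stub for demonstration; not a runnable executable."""
    header_len = 0x40 + 4 + 20 + 240  # DOS header, "PE\0\0", COFF header, PE32+ optional header
    pe = bytearray(header_len)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)            # e_lfanew
    pe[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", pe, 0x44, 0x8664)          # Machine: AMD64
    struct.pack_into("<H", pe, 0x44 + 16, 240)        # SizeOfOptionalHeader
    opt = 0x44 + 20
    struct.pack_into("<H", pe, opt, 0x20B)            # PE32+ magic
    struct.pack_into("<I", pe, opt + 108, 16)         # NumberOfRvaAndSizes
    if signed:
        cert_blob = bytes(64)                         # stand-in for a WIN_CERTIFICATE structure
        struct.pack_into("<II", pe, opt + 112 + 4 * 8, header_len, len(cert_blob))
        pe += cert_blob
    return bytes(pe)


# Constructed samples: the "good" build stands in for the official release, the
# "tampered" build for a trojanized copy handed over by a fake recruiter.
GOOD_BUILD = build_minimal_pe(signed=True)
TAMPERED_BUILD = build_minimal_pe(signed=False) + b"\x90" * 16
# Stands in for the sha256sums file fetched over HTTPS from the vendor's own site.
TRUSTED_MANIFEST = f"{hashlib.sha256(GOOD_BUILD).hexdigest()}  putty.exe\n"


def triage(filename: str, data: bytes, manifest_text: str) -> dict:
    """Combine both checks; only `hash_ok` is decisive, `signed` is a triage hint."""
    return {
        "hash_ok": verify_download(filename, data, manifest_text),
        "signed": has_authenticode_signature(data),
    }


if __name__ == "__main__":
    for label, build in (("official", GOOD_BUILD), ("recruiter copy", TAMPERED_BUILD)):
        print(label, triage("putty.exe", build, TRUSTED_MANIFEST))
```

Two caveats apply. The manifest must come from the vendor's own site over HTTPS, never from the same message that delivered the binary, or the attacker simply supplies matching hashes. And the signature check only detects presence: a trojanized build signed with some other certificate would still pass it, so validate the chain with `signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature` on Windows, and treat the hash match against the vendor manifest as the decisive test.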

"The actors have successfully compromised numerous organizations since June 2022," members of the Microsoft Security Threat Intelligence and LinkedIn Threat Prevention and Defense teams wrote in a post. "Due to the wide use of the platforms and software that ZINC utilizes in this campaign, ZINC could pose a significant threat to individuals and organizations across multiple sectors and regions."

Lazarus is no stranger to fake job offer attacks. After all, the group has been doing the same for crypto developers and artists, pretending to be recruiters for the likes of Crypto.com or Coinbase. 



from TechRadar - All the latest technology news https://ift.tt/MtTm6Id
via IFTTT

http://www.trendlynews.in/2022/10/open-source-software-hijacked-by-north.html