
North Korean Gang Uses Compromised Open Source Software to Distribute Malware, Researchers Find

Silviu STAHIE

September 30, 2022


Security researchers have identified new social engineering campaigns leveraging open source software to deliver malware that could help criminals with data theft, espionage and more.

Lots of companies and public institutions use open source software in their daily operations, so it's easy to see why such software makes an attractive delivery method for malware. Offering tainted installers for widely used open source software is not enough on its own, though: criminals need social engineering campaigns to persuade people to download and install the infected builds.

Security researchers from Microsoft attributed this new wave of campaigns to a North Korea-based, state-sponsored group named ZINC. Spearphishing is ZINC’s primary attack vector as the group approaches employees via social networks, especially LinkedIn. The goal is to persuade victims to install what seems to be innocuous open source software, which in reality has been modified to infect systems.

“Beginning in June 2022, ZINC employed traditional social engineering tactics by initially connecting with individuals on LinkedIn to establish a level of trust with their targets,” said Microsoft. “Upon successful connection, ZINC encouraged continued communication over WhatsApp, which acted as the means of delivery for their malicious payloads.”

“MSTIC observed ZINC weaponizing a wide range of open-source software including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording software installer for these attacks. ZINC was observed attempting to move laterally and exfiltrate collected information from victim networks. The actors have successfully compromised numerous organizations since June 2022,” Microsoft added.

These apps give criminals a way into the affected systems, allowing them to deploy malware and take complete control, and letting them move laterally inside the network.

Microsoft published a complete list of indicators of compromise, covering the malicious apps, attachments and files, the IP addresses of the command and control servers, and the other compromised domains used in the campaign.
