North Korean Gang Uses Compromised Open Source Software to Distribute Malware, Researchers Find
Security researchers have identified new social engineering campaigns leveraging open source software to deliver malware that could help criminals with data theft, espionage and more.
Many companies and public institutions use open source software in their daily operations, so it is easy to see why such software could become a delivery method for malware. Offering tainted installers for widely used open source software is not enough on its own, however. Criminals also need social engineering campaigns to persuade people to download and install the infected software.
Security researchers from Microsoft attributed this new wave of campaigns to a North Korea-based, state-sponsored group named ZINC. Spearphishing is ZINC’s primary attack vector as the group approaches employees via social networks, especially LinkedIn. The goal is to persuade victims to install what seems to be innocuous open source software, which in reality has been modified to infect systems.
“Beginning in June 2022, ZINC employed traditional social engineering tactics by initially connecting with individuals on LinkedIn to establish a level of trust with their targets,” said Microsoft. “Upon successful connection, ZINC encouraged continued communication over WhatsApp, which acted as the means of delivery for their malicious payloads.”
“MSTIC observed ZINC weaponizing a wide range of open-source software including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording software installer for these attacks. ZINC was observed attempting to move laterally and exfiltrate collected information from victim networks. The actors have successfully compromised numerous organizations since June 2022,” Microsoft added.
These trojanized apps give criminals a way into the affected systems, allowing them to deploy additional malware, take complete control, and move laterally inside the network.
Microsoft published a complete list of indicators of compromise for the malicious apps, attachments, files and IP addresses for command and control servers and other compromised domains.