North Korean Hackers Weaponizing Open-Source Software in Latest Cyber Attacks
Sep 30, 2022
A "highly operational, destructive, and sophisticated nation-state activity group" with ties to North Korea has been weaponizing open source software in their social engineering campaigns aimed at companies around the world since June 2022. Microsoft's threat intelligence teams, alongside LinkedIn Threat Prevention and Defense, attributed the intrusions with high confidence to Zinc, a threat group affiliated with Lazarus which is also tracked under the name Labyrinth Chollima. Attacks targeted employees in organizations across multiple industries, including media, defense and aerospace, and IT services in the U.S., the U.K., India, and Russia. The tech giant said it observed Zinc leveraging a "wide range of open-source software including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording software installer for these attacks." According to CrowdStrike , Zinc "has been active since 2009 in operations aimed at collecting polit