North Korean Gang Uses Compromised Open Source Software to Distribute Malware, Researchers Find

Silviu STAHIE

September 30, 2022

Security researchers have identified new social engineering campaigns leveraging open source software to deliver malware that could help criminals with data theft, espionage and more.

Many companies and public institutions use open source software in their daily operations, so it is easy to see why such software could become a delivery method for malware. Offering tainted installers for widely used open source software is not enough on its own, however: criminals also need social engineering campaigns to persuade people to download and install the infected software.

Security researchers from Microsoft attributed this new wave of campaigns to a North Korea-based, state-sponsored group named ZINC. Spearphishing is ZINC’s primary attack vector as the group approaches employees via social networks, especially LinkedIn. The goal is to persuade victims to install what seems to be innocuous open source software, which in reality has been modified to infect systems.

“Beginning in June 2022, ZINC employed traditional social engineering tactics by initially connecting with individuals on LinkedIn to establish a level of trust with their targets,” said Microsoft. “Upon successful connection, ZINC encouraged continued communication over WhatsApp, which acted as the means of delivery for their malicious payloads.”

“MSTIC observed ZINC weaponizing a wide range of open-source software including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording software installer for these attacks. ZINC was observed attempting to move laterally and exfiltrate collected information from victim networks. The actors have successfully compromised numerous organizations since June 2022,” Microsoft added.

These trojanized apps give the criminals a foothold on affected systems, allowing them to deploy additional malware, take complete control of the host and move laterally inside the network.

Microsoft published a complete list of indicators of compromise for the malicious apps, attachments, files and IP addresses for command and control servers and other compromised domains.
