"Lazarus-Associated Hackers Weaponize Open-Source Tools Against Several Countries"

Security researchers at the Microsoft Threat Intelligence Center (MSTIC) discovered that threat actors associated with North Korea have been weaponizing legitimate open-source software to target employees of organizations across multiple industries. According to the researchers, the attacks were carried out by an actor Microsoft tracks as Zinc, more commonly known as the Lazarus Group. Zinc has targeted media, defense and aerospace, and IT services organizations in the US, UK, India, and Russia, successfully compromising numerous organizations. The researchers noted that beginning in June 2022, Zinc employed traditional social engineering tactics, first connecting with individuals on LinkedIn to establish a level of trust with their targets. Once a connection was made, Zinc encouraged continued communication over WhatsApp, which served as the delivery channel for their malicious payloads. The specific open-source tools the hackers weaponized for the attacks were PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording. Because of the wide use of the platforms and software that Zinc abuses in this campaign, the researchers noted that Zinc could pose a significant threat to individuals and organizations across multiple sectors and regions.


Infosecurity reports: "Lazarus-Associated Hackers Weaponize Open-Source Tools Against Several Countries"
