"North Korean Hackers Behind Malicious VMConnect PyPI Campaign"

North Korean state-sponsored hackers are responsible for the VMConnect campaign, which uploaded malicious packages to the Python Package Index (PyPI) repository. One of the packages mimicked the VMware vSphere connector module vConnector. The packages were uploaded at the beginning of August, with a package named "VMConnect" aimed at Information Technology (IT) professionals looking for virtualization tools. VMConnect had 237 downloads before its removal from the PyPI platform. Two additional packages containing the same code, named "ethter" and "quantiumbase," were downloaded 253 and 216 times, respectively. According to a new report, ReversingLabs links the campaign to Labyrinth Chollima, a subgroup of North Korean Lazarus hackers. This article continues to discuss the VMConnect PyPI campaign. 

Bleeping Computer reports "North Korean Hackers Behind Malicious VMConnect PyPI Campaign"

Submitted by Anonymous on