• Open source software hijacked by North Korean hackers

    From TechnologyDaily@1337:1/100 to All on Fri Sep 30 19:15:03 2022
    Open source software hijacked by North Korean hackers

    Date:
    Fri, 30 Sep 2022 18:04:24 +0000

    Description:
    Lazarus is luring victims into downloading malware with fake job ads, Microsoft warns.

    FULL STORY ======================================================================

    Infamous North Korean threat actor Lazarus Group has been observed engaging
    in a highly sophisticated, targeted malware attack that involves compromising popular open-source software and running spear phishing campaigns.

    As a result, it has managed to compromise numerous organizations in the
    media, defense and aerospace, as well as IT services industries, a report
    from Microsoft has concluded.

    The company claims Lazarus (or ZINC, as it dubs the group) compromised PuTTY, among other open-source applications, with malicious code that installs spyware. PuTTY is a free and open-source terminal emulator, serial console, and network file transfer application.

    Installing ZetaNile

    But simply compromising open-source software doesn't guarantee entrance to the target organization's endpoints - people still need to download and run the software. That's where spear-phishing comes in. By engaging in a highly targeted social engineering attack on LinkedIn, the threat actors get certain individuals working at target companies to download and run the app. Apparently, the group's members assume the identities of recruiters on LinkedIn, offering people lucrative job opportunities.

    The app was specifically tailored to avoid being detected. It's only when the app connects to a specific IP address, and logs in using a special set of login credentials, that the app initiates the ZetaNile espionage malware.

    Besides PuTTY, Lazarus managed to compromise KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording.

    "The actors have successfully compromised numerous organizations since June 2022," members of the Microsoft Security Threat Intelligence and LinkedIn Threat Prevention and Defense teams wrote in a post. "Due to the wide use of the platforms and software that ZINC utilizes in this campaign, ZINC could pose a significant threat to individuals and organizations across multiple sectors and regions."

    Lazarus is no stranger to fake job offer attacks. After all, the group has been doing the same for crypto developers and artists, pretending to be recruiters for the likes of Crypto.com or Coinbase.



    ======================================================================
    Link to news story: https://www.techradar.com/news/open-source-software-hijacked-by-north-korean-hackers/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)