North Korean hackers sponsored by the dictatorial communist government of that country use modified open source software to carry out cyber attacks
Microsoft has accused the Lazarus (ZINC) hacking group, allegedly backed by the North Korean government, of carrying out a series of attacks using modified open source software such as PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and others to compromise “many” organizations in the defense and aerospace industries, media, and IT.
According to available data, the attackers embed malicious code in open source software and then push victims to use the modified utilities, which leads to the compromise of their systems. To gain the victim's trust, the hackers pose as recruiters from different companies and contact employees of targeted organizations through LinkedIn.
After establishing a relationship of trust over a series of conversations, they move the communication to the WhatsApp messenger. Through it, the hackers distribute the modified utilities and convince employees of target companies that they need to use them. Once this software is run on the target computer, the system is compromised and other malware is loaded onto it.
“As of June 2022, attackers have managed to compromise many organizations. Due to the wide variety of platforms and software used by ZINC in this campaign, ZINC could pose a serious threat to individuals and organizations in all industries and regions,” said Microsoft Security Threat Intelligence and LinkedIn Threat Prevention and Defense in a statement.
AVnews