Instead, the ZetaNile malware gets installed only when the apps connect to a specific IP address and use login credentials the fake recruiters give to targets. The app installers don't execute any malicious code. The Trojanized PuTTY and KiTTY apps Microsoft observed use a clever mechanism to ensure that only intended targets get infected and that it doesn't inadvertently infect others. A common theme is for members to target the employees of organizations they want to compromise, often by tricking or coercing them into installing Trojanized software. The group relies primarily on spear phishing as the initial vector into its victims, but they also use other forms of social engineering and website compromises at times. They regularly find and exploit zero-day vulnerabilities in heavily fortified apps and use many of the same malware techniques used by other state-sponsored groups. Its attacks on cryptocurrency exchanges over the past five years have generated billions of dollars for the country's weapons of mass destruction programs. Over the past decade, its prowess has grown considerably. Lazarus was once a ragtag band of hackers with only marginal resources and skills. Thursday's post said the same hackers have also weaponized KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording software with code that installs the same espionage malware, which Microsoft has named ZetaNile. Two weeks ago, security firm Mandiant warned that hackers with ties to North Korea had Trojanized it in a campaign that successfully compromised a customer's network. PuTTY is a popular terminal emulator, serial console, and network file transfer application that supports network protocols, including SSH, SCP, Telnet, rlogin, and raw socket connection. "Due to the wide use of the platforms and software that ZINC utilizes in this campaign, ZINC could pose a significant threat to individuals and organizations across multiple sectors and regions." "The actors have successfully compromised numerous organizations since June 2022," members of the Microsoft Security Threat Intelligence and LinkedIn Threat Prevention and Defense teams wrote in a post.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |