
Lazarus Affiliate ‘ZINC’ Blamed for Campaign Against Security Researcher
2021-01-29 13:29

Microsoft has attributed a recently discovered campaign, which targets security researchers with custom malware through elaborate socially-engineered attacks, to an APT group affiliated with the North Korea-linked Lazarus Group.

Given Microsoft's connection to the attacks, researchers from the Microsoft 365 Defender Threat Intelligence Team revealed Thursday in a blog post what they have seen of the campaign.

Researchers said with "high confidence" that the campaign, which they saw targeting "pen testers, private offensive security researchers, and employees at security and tech companies," looks like the work of ZINC because of its "observed tradecraft, infrastructure, malware patterns, and account affiliations."

Google TAG's initial alert revealed that attackers linked to North Korea were targeting security researchers in a campaign it said it had been tracking over the last several months. The campaign uses various means to interact with and attack security professionals at multiple organizations, with the attackers going so far as to set up their own research blog, multiple Twitter profiles and other social-media accounts.

Because those infected were running fully patched and up-to-date Windows 10 and Chrome browser versions, the hackers likely were using zero-day vulnerabilities in their campaign, according to TAG. Microsoft cited Google TAG's research for "capturing the browser-facing impact of this attack" and said it's releasing its own findings "to raise awareness in the cybersecurity community about additional techniques used in this campaign and serve as a reminder to security professionals that they are high-value targets for attackers."

The campaign observed by the Microsoft team saw ZINC beginning to build its reputation in the research community using Twitter in mid-2020.


News URL

https://threatpost.com/lazarus-affiliate-zinc-blamed-for-campaign-against-security-researcher/163474/