Security News > 2022 > September > Microsoft: Lazarus hackers are weaponizing open-source software
Microsoft says the North Korean-sponsored Lazarus threat group is trojanizing legitimate open-source software and using it to backdoor organizations in many industry sectors, such as technology, defense, and media entertainment.
The list of open-source software weaponized by Lazarus state hackers to deploy the BLINDINGCAN backdoor includes PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer.
This trojanized software was used in social engineering attacks from late April to mid-September 2022 and primarily focused on engineers and technical support professionals working at IT and media organizations in the UK, India, and the U.S. The attackers created "Fake profiles claiming to be recruiters working at technology, defense, and media entertainment companies, with the goal of moving targets away from LinkedIn and to the encrypted messaging app WhatsApp for the delivery of malware," Microsoft said.
After the targets were tricked into downloading the weaponized software to deploy the malware on their systems, the Lazarus operators used the backdoor for lateral movement and network discovery, with the end goal of stealing sensitive info.
The Lazarus Group is a North-Korean military hacking group active since at least 2009.
More recently, Lazarus targeted security researchers in social engineering attacks using elaborate fake "Security researcher" social media personas in January and in a similar campaign in March.