Microsoft warns of North Korean crew posing as LinkedIn recruiters

2022-09-30 05:53

Microsoft has claimed a North Korean crew poses as LinkedIn recruiters to distribute poisoned versions of open source software packages.

Dubbed "ZINC", the threat actors have previously run long-term phishing schemes targeting media, defence and aerospace, and IT services organizations in the US, UK, India, and Russia.

The open-source software included PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording software installer.

Once in, the threat actors use custom remote access tools like FoggyBrass and PhantomStar.

"Due to the wide use of the platforms and software that ZINC utilizes in this campaign, ZINC could pose a significant threat to individuals and organizations across multiple sectors and regions," said Microsoft.

LinkedIn's Threat Prevention and Defense outfit detected ZINC making fake profiles and targeting engineers and tech support professionals in the past, and when they do, they shut them down.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/09/30/microsoft_north_korea_zinc_threat/

#linkedin #microsoft #northkorean

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		480	75	2308	5127	264	7774