Security News > 2023 > August > Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks
North Korean state-sponsored hackers have uploaded malicious packages to the PyPI repository, camouflaging one of them as a VMware vSphere connector module named vConnector.
The packages were uploaded at the beginning of August, with one named VMConnect targeting IT professionals seeking virtualization tools.
A report today from ReversingLabs, a software supply chain security company, attributes the campaign to Labyrinth Chollima, a subgroup of North Korean Lazarus hackers.
The researchers discovered more packages that are part of the same VMConnect operation, namely 'tablediter', 'request-plus', and 'requestspro'.
FBI: Lazarus hackers readying to cash out $41 million in stolen crypto.
Fake VMware vConnector package on PyPI targets IT pros.
News URL
Related news
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)