Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks (August 2023)

North Korean state-sponsored hackers have uploaded malicious packages to the PyPI repository, camouflaging one of them as a VMware vSphere connector module named vConnector.
The packages were uploaded at the beginning of August, with one named VMConnect targeting IT professionals seeking virtualization tools.
A report today from ReversingLabs, a software supply chain security company, attributes the campaign to Labyrinth Chollima, a subgroup of North Korean Lazarus hackers.
The researchers discovered more packages that are part of the same VMConnect operation, namely 'tablediter', 'request-plus', and 'requestspro'.