North Korean hackers behind malicious VMConnect PyPI campaign

North Korean state-sponsored hackers are behind the VMConnect campaign that uploaded malicious packages to the PyPI repository, one of them mimicking the VMware vSphere connector module vConnector.
A report today from ReversingLabs, a software supply chain security company, attributes the campaign to Labyrinth Chollima, a subgroup of North Korean Lazarus hackers.
The researchers discovered more packages that are part of the same VMConnect operation, namely 'tablediter', 'request-plus', and 'requestspro'.
Although they did not analyze the final payload, ReversingLabs researchers say that they collected enough evidence to link the VMConnect campaign to the infamous North Korean Lazarus APT group.
Py' file in the malicious packages, which contains the same payload decoding routine that JPCERT, Japan's Computer Security Incident Response Team, found on another file called 'py Qrcode.