North Korean hackers behind malicious VMConnect PyPI campaign (August 2023)
North Korean state-sponsored hackers are behind the VMConnect campaign, which uploaded malicious packages to the PyPI repository, one of them mimicking the VMware vSphere connector module vConnector.
A report today from ReversingLabs, a software supply chain security company, attributes the campaign to Labyrinth Chollima, a subgroup of North Korean Lazarus hackers.
The researchers discovered more packages that are part of the same VMConnect operation, namely 'tablediter', 'request-plus', and 'requestspro'.
Although they did not analyze the final payload, ReversingLabs researchers say that they collected enough evidence to link the VMConnect campaign to the infamous North Korean Lazarus APT group.
Py' file in the malicious packages, which contains the same payload decoding routine that JPCERT, Japan's Computer Security Incident Response Team, found in another file called 'py Qrcode'.