North Korean hackers behind malicious VMConnect PyPI campaign
North Korean state-sponsored hackers are behind the VMConnect campaign, which uploaded malicious packages to the PyPI repository, one of them mimicking the VMware vSphere connector module vConnector.
A report today from ReversingLabs, a software supply chain security company, attributes the campaign to Labyrinth Chollima, a subgroup of North Korean Lazarus hackers.
The researchers discovered more packages that are part of the same VMConnect operation, namely 'tablediter', 'request-plus', and 'requestspro'.
Although they did not analyze the final payload, ReversingLabs researchers say that they collected enough evidence to link the VMConnect campaign to the infamous North Korean Lazarus APT group.
Py' file in the malicious packages, which contains the same payload decoding routine that JPCERT, Japan's Computer Security Incident Response Team, found on another file called 'py Qrcode.