Security News > 2023 > August > North Korean hackers behind malicious VMConnect PyPI campaign
North Korean state-sponsored hackers are behind the VMConnect campaign that uploaded to the PyPI repository malicious packages, one of them mimicking the VMware vSphere connector module vConnector.
A report today from ReversingLabs, a software supply chain security company, attributes the campaign to Labyrinth Chollima, a subgroup of North Korean Lazarus hackers.
The researchers discovered more packages that are part of the same VMConnect operation, namely 'tablediter', 'request-plus', and 'requestspro'.
Although they did not analyze the final payload, ReversingLabs researchers say that they collected enough evidence to link the VMConnect campaign to the infamous North Korean Lazarus APT group.
Py' file in the malicious packages, which contains the same payload decoding routine that JPCERT, Japan's Computer Security Incident Response Team found on another file called 'py Qrcode.
North Korean hackers 'ScarCruft' breached Russian missile maker.