North Korean Malware Targets Windows, MacOS and Linux

Cybersecurity researchers at ReversingLabs claim that a recent malicious cyber campaign targeting MacOS, Linux, and Windows systems was carried out by the North Korean threat group Lazarus.

The VMConnect campaign, spotted in early August, consists of two dozen “malicious Python packages” posted on the openly accessible PyPI software repository; after observing it for a few weeks, ReversingLabs detected three more packages belonging to the VMConnect family.

According to Innovation New Network, analysis of the malicious packages used and their decrypted payloads reveals links to previous campaigns attributed to Labyrinth Chollima, an offshoot of the North Korean state-sponsored Lazarus Group.

ReversingLabs adds that a similar attribution was made by JPCERT, which linked the attack it uncovered to DangerousPassword, another subsidiary of the Lazarus Group.

Based on this information, ReversingLabs concludes that the same threat actor was behind both attacks “and, therefore, that the VMConnect malicious campaign activity can be linked to the North Korean state-sponsored Lazarus Group.”

ReversingLabs added that “As with prior software supply chain campaigns, including IconBurst, SentinelSneak, and others, the malicious actors behind VMConnect took steps to disguise their malicious payloads and make their published packages look trustworthy, despite the existence of malicious functionality.”

The VMConnect campaign is a reminder that organizations need to extend their defensive capabilities to the full range of possible threats, including software supply-chain attacks. According to ReversingLabs, that requires firms to invest the effort and resources needed to detect and prevent supply-chain attacks before they cause material damage to the business.

ReversingLabs is urging organizations to invest in training and raising awareness, as well as tools to detect suspicious or malicious indicators.
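One concrete form such tooling can take, for the PyPI ecosystem the campaign abused, is a pre-install audit of a project's dependency manifest. The script below is an added example written for this article; it is not ReversingLabs' tooling and does not detect VMConnect specifically. It flags three indicators a reviewer would want before trusting a public package: a version that is not exactly pinned, a missing `--hash=` pin (so the installer cannot verify the downloaded artifact), and a package name within a small edit distance of a well-known package, one common way to make a malicious package "look trustworthy". The list of well-known names and the sample manifest are constructed for the example.

```python
"""
Added defensive example (not from the article or from ReversingLabs): audit a
requirements.txt for supply-chain red flags before anything is installed.

Indicators checked per requirement:
  1. version not pinned with '=='
  2. no '--hash=' pin, so pip cannot verify the artifact it downloads
  3. name within edit distance 2 of a well-known package (near-miss naming)
"""
import re
from dataclasses import dataclass, field

# Constructed sample of legitimate, widely used package names (assumption).
# A real deployment would derive this from the project's approved-dependency inventory.
KNOWN_PACKAGES = ("cryptography", "numpy", "pyyaml", "requests", "setuptools", "urllib3")

# Requirement line: name, optional [extras], optional '==' pin. Markers/options after it are ignored.
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(==\s*([^\s;#\\]+))?")


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-insensitive, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot names that are one or two keystrokes from a known one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


@dataclass
class Finding:
    name: str
    issues: list = field(default_factory=list)


def audit_requirements(text: str) -> list:
    """Return one Finding per requirement that shows at least one indicator."""
    findings = []
    # Requirements may continue over lines with a trailing backslash; join them first.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank, comment-only, or an option such as -r / --index-url
        m = REQ_LINE.match(line)
        if not m:
            continue
        finding = Finding(name=m.group(1))
        if not m.group(3):
            finding.issues.append("version not pinned with ==")
        if "--hash=" not in line:
            finding.issues.append("no --hash pin")
        norm = normalize(finding.name)
        if norm not in KNOWN_PACKAGES:
            for known in KNOWN_PACKAGES:
                if edit_distance(norm, known) <= 2:
                    finding.issues.append(f"name resembles well-known package '{known}'")
                    break
        if finding.issues:
            findings.append(finding)
    return findings


# Constructed sample manifest; the hash values are labelled placeholders, not real digests.
SAMPLE_REQUIREMENTS = """\
# constructed sample, not a real project manifest
requests==2.31.0 \\
    --hash=sha256:<placeholder-digest>
urllib3>=1.26
requets==2.31.0
numpy==1.26.0 --hash=sha256:<placeholder-digest>
"""

if __name__ == "__main__":
    for f in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{f.name}: {'; '.join(f.issues)}")
```

Run against the sample, the clean `requests` and `numpy` entries pass, `urllib3` is reported for the loose pin and missing hash, and `requets` is reported for the missing hash and for resembling `requests`. The edit-distance check is deliberately narrow (distance 2, known names only) to keep false positives low; it complements, rather than replaces, reviewing what a new dependency actually does at install time.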