If you are considering applying for a job, make sure that the job listing and recruiter are legitimate.
At the end of September, the Microsoft Threat Intelligence Center (MSTIC) issued a warning about a social engineering effort that targeted people using open-source software. This new attack comes from ZINC, a state-sponsored organization in North Korea that specializes in using cybercriminal strategies to break into large networks to obtain data, financial records, and other important information.
If you’re wondering why the name ZINC sounds so familiar, well, it’s because they were the organization that successfully attacked Sony Pictures Entertainment in 2014.
ZINC cyberattacks have been using spear-phishing tactics to target numerous organizations and regions, with heavy action found in the US, UK, India, and Russia, primarily in the media, defense, aerospace, and IT sectors.
What is spear-phishing?
Spear-phishing is a targeted, fraudulent attack on a specific individual or organization, designed to get the victim to reveal personal and financial information. It differs from ordinary phishing in that the target is specific, whereas phishing is a large, general attack with no particular focus.
ZINC knows you like to download free software and is adding malware to it
MSTIC has found ZINC executing its attacks by infiltrating a user’s device through open-source software such as PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording. Once the disguised open-source software is downloaded, malware is implanted on a user’s device, which can continue sending attacks by deploying additional malware through scheduled tasks.
More recently, ZINC has been using LinkedIn to attack job hunters.
How is ZINC attacking job hunters?
Since June 2022, ZINC has used social engineering campaigns to trick individuals on LinkedIn. The Threat Prevention and Defense Team at LinkedIn detected ZINC creating fraudulent profiles that pretended to be recruiters, gaining an individual’s trust, and then switching communication to another channel: the encrypted text and voice messaging app WhatsApp.
As the individual continues to communicate on WhatsApp, malware is transmitted to the person’s device. These attacks have targeted engineers and technical support professionals at large tech companies in the US, UK, India, and Russia, encouraging them to apply for open positions so that the attackers can gain access to their company’s networks. LinkedIn’s Threat Prevention and Defense Team has acted quickly, deleting all accounts connected to any fraudulent behavior.
Is this attack from ZINC new?
Although Microsoft only recently reported attacks from ZINC, companies like Chollima and Black Artemis have been following their attack campaigns since late April 2022.
ZINC is after traditional cybertheft of personal and financial records, corporate data, and network takeovers of organizations, but it has also been known to deploy advanced malware that evolves and can use politically motivated targeting.
Lock up your tech
My biggest desire is to educate and inform you about the increased real threat to each of our connected devices and encourage you to use strong antivirus security protection on everything in your life connected to the rest of the world. The best way to protect yourself is to install antivirus software on your devices. Our top choice for antivirus software is TotalAV. It’s super easy to install, and you’ll have peace of mind knowing you’ll have real-time protection, phishing scam protection, ransomware protection, and more. It protects Windows, Mac, Android, and iOS devices. Limited-time deal for CyberGuy readers: $19 your first year (80% off). Read more about our Best Antivirus Protection review here.