State-sponsored hackers exploit unpatched Zimbra devices
A recent series of compromises that exploited unpatched Zimbra devices was an operation sponsored by the North Korean government and aimed to steal intelligence from a collection of private and public medical and energy sector researchers.
Analysts with W labs in a new report explained that due to an overlap in techniques, and thanks to a mess up by one of the threat actors, they attributed the recent series of cyber incidents against unpatched Zimbra devices to the Lazarus group, a well-known cybercriminal group sponsored by the North Korean government.
A joint report by NSA and Central Security service said “DPRK cyber actors have been using cryptocurrency generated through illicit cybercrime activities to procure infrastructure such as IP addresses and domains. The actors intend to conceal their affiliation and then exploit common vulnerabilities and exposures (CVE) in order to gain access and escalate privileges on targeted networks to perform ransomware activities. Recently observed CVEs include remote code execution in the Apache Log4j software library (also known as “Log4Shell”) and remote code execution in various SonicWall appliances.”
Lazarus ran a campaign using unpatched Zimbra devices
Lazarus ran this campaign and other likewise intelligence-ga
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: