"Code of Conduct: DPRK’s Python-fueled intrusions into secured networks" published by Elastic. #VMConnect, #DPRK, #CTI https://www.elastic.co/security-labs/dprk-code-of-conduct

Investigating the DPRK’s strategic use of Python and carefully crafted social engineering, this publication sheds light on how they breach highly secure networks with evolving and effective cyber attacks.

Lazarus Group's VMConnect Campaign: New Threats Targeting Developers - RedPacket Security

The Lazarus Group has been actively continuing its VMConnect campaign, specifically targeting developers by distributing new malicious software packages via

RedPacket Security

"Fake recruiter coding tests target devs with malicious Python packages" published by ReversingLabs. #Lazarus, #PyPI, #VMConnect, #DPRK, #CTI https://www.reversinglabs.com/blog/fake-recruiter-coding-tests-target-devs-with-malicious-python-packages

RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.

ReversingLabs

"Evidence Leads to Lazarus as the VMConnect Supply Chain Attack Continues" published by Hawkeye. #VMConnect, #PyPI, #CTI, #OSINT, #LAZARUS https://www.hawk-eye.io/2023/10/evidence-leads-to-lazarus-as-the-vmconnect-supply-chain-attack-continues/

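"North Korean hackers deploy new malicious #Python packages to the #PyPI repository": The Hacker News

"Three malicious Python packages have been discovered in the Package Index (PyPI) repository, with signs indicating the involvement of North Korean #VMConnect state-sponsored threat actors.

The findings from ReversingLabs detected the packages tablediter, request-plus, and requestspro."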

https://thehackernews.com/2023/08/north-korean-hackers-deploy-new.html

#prattohome #TheHackerNews

North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository

Researchers uncover 3 more malicious Python packages in PyPI repository under VMConnect campaign.

The Hacker News

"VMConnect supply chain attack continues, evidence points to North Korea" published by ReversingLabs. #LabyrinthChollima, #VMConnect, #CTI, #OSINT, #LAZARUS https://www.reversinglabs.com/blog/vmconnect-supply-chain-campaign-continues

ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, and evidence linking the campaign to North Korean threat actors.

ReversingLabs

North Korean hackers behind malicious VMConnect PyPI campaign

North Korean state-sponsored hackers are behind the VMConnect campaign that uploaded to the PyPI (Python Package Index) repository malicious packages, one of them mimicking the VMware vSphere connector module vConnector.

BleepingComputer

"Fake #VMware #vConnector package on #PyPI targets IT professionals": BLEEPINGCOMPUTER

"A malicious package mimicking the VMware vSphere connector module 'vConnector' has been uploaded to the Python Package Index (PyPI) under the name '#VMConnect', targeting IT professionals.

VMware vSphere is a suite of virtualization tools, and vConnector is an interface Python module used by developers and system administrators that is downloaded about 40,000 times a month via PyPI."

#prattohome #BLEEPINGCOMPUTER