ZINC campaign targets Security Researchers


Microsoft recently detected an ongoing ZINC campaign targeting security researchers who work on vulnerability research and development. Google’s Threat Analysis Group (TAG) reported the same campaign just a few days before Microsoft Defender for Endpoint detected it in progress. The main targets included pen testers, private offensive security researchers, and employees at security and tech companies.

ZINC is a North Korea-based group of hackers that gained popularity in the security research community on Twitter in mid-2020 by retweeting high-quality security content and posting about exploit research from an actor-controlled blog. The threat actors then started approaching targeted security researchers on social media platforms such as Twitter and LinkedIn and gathered information about exploit techniques. If the researcher was responsive, the actor would offer to move the conversation to another platform (e.g., email, Discord), in some cases in order to send files as encrypted or PGP-protected ZIPs. The potential targets then received a Visual Studio project containing a malicious DLL, which could lead to the installation of a backdoor that would eventually allow the attackers to obtain information, execute commands on the computer, and carry out hands-on-keyboard actions.

The campaign clearly indicates that security agencies, researchers and professionals have become a prime target for cybercriminals. Security professionals are therefore strongly advised to use an isolated environment (e.g., a virtual machine) when building untrusted projects in Visual Studio or opening any links or files sent by unknown parties. Moreover, one must run a full antimalware scan immediately after visiting a ZINC-owned blog.
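As a complement to building only inside a virtual machine, a received project file can be read as plain text before it is ever opened in Visual Studio. The following is an added example, not code from the article or from Microsoft: it lists the commands an MSBuild project would run at build time (build events and `Exec` tasks, which is general MSBuild behaviour) and any prebuilt binaries the project refers to. The function name `audit_project` and the sample project are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# MSBuild elements whose command text runs as a shell command during a build.
EVENT_TAGS = {"PreBuildEvent", "PreLinkEvent", "PostBuildEvent", "CustomBuildStep", "CustomBuild"}
# File references ending in an executable extension, e.g. a DLL shipped with the project.
BINARY_REF = re.compile(r"[\w.\\/$()-]+\.(?:dll|exe|ocx|scr|sys)\b", re.I)

# Constructed sample project with harmless commands (not taken from the campaign).
SAMPLE = r"""<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>echo constructed pre-build step</Command>
    </PreBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="AfterBuild">
    <Exec Command="copy lib\helper.dll $(OutDir)" />
  </Target>
</Project>"""

def local(tag):
    """Strip the XML namespace MSBuild puts on every element name."""
    return tag.rsplit("}", 1)[-1]

def audit_project(xml_text):
    """Return (kind, detail) findings for the text of one .vcxproj/.csproj file."""
    findings = []
    root = ET.fromstring(xml_text)
    for parent in root.iter():
        for el in parent:
            name = local(el.tag)
            # C++ form: <PreBuildEvent><Command>...</Command></PreBuildEvent>
            if name == "Command" and local(parent.tag) in EVENT_TAGS:
                findings.append((local(parent.tag), (el.text or "").strip()))
            # C# form: <PreBuildEvent>command</PreBuildEvent> in a PropertyGroup
            elif name in EVENT_TAGS and len(el) == 0 and (el.text or "").strip():
                findings.append((name, el.text.strip()))
            # <Exec Command="..."/> task inside a <Target>
            elif name == "Exec" and el.get("Command"):
                findings.append(("Exec", el.get("Command")))
    # Prebuilt binaries mentioned anywhere in the file (commands, items, properties).
    for ref in sorted(set(BINARY_REF.findall(xml_text))):
        findings.append(("binary", ref))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_project(SAMPLE):
        print(f"{kind}: {detail}")
```

An empty result does not make a project safe to build; the check only surfaces what deserves a closer look inside the isolated environment.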

By Hrithik Lall
