A new phishing campaign by a state-sponsored group, tracked as ZINC, uses weaponized copies of legitimate open-source software such as PuTTY, with objectives focused on espionage, data theft, financial gain, and network destruction.
• Researchers at Microsoft and Mandiant have detected a wide range of social engineering campaigns using weaponized legitimate open-source software, attributed to a threat actor tracked as ZINC.
• ZINC is a highly operational, destructive, and sophisticated nation-state activity group, active since 2009. They employ traditional social engineering tactics, initially connecting with individuals on LinkedIn to establish a level of trust with their targets. Once a connection is made, ZINC encourages continued communication over WhatsApp, which then serves as the delivery channel for their malicious payloads.
• ZINC has been observed weaponizing a wide range of open-source software installers, including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording, for these attacks.
• Observed targets are employees of organizations across multiple industries, including media, defense and aerospace, and IT services, in the US, UK, India, and Russia.
• Earlier this month, researchers at Mandiant reported on the ongoing campaign involving weaponized PuTTY.
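The common thread in the bullets above is that the payload arrives as a trojanized copy of a well-known installer handed over through a chat channel rather than downloaded from the vendor. The simplest control against that is to refuse any installer whose digest does not match a hash obtained out of band from the vendor's release page. The check below is an added example, not code from Microsoft, Mandiant or any of the projects named above; the allowlist entry, file names and sample byte strings are constructed for illustration (the "genuine" sample is the bytes `abc`, whose SHA-256 is the well-known test vector used as the expected value).

```python
import hashlib
import hmac
from typing import Dict, Tuple

# Constructed allowlist for this example only. In practice the expected
# digest is copied from the vendor's release page or signed release notes,
# obtained separately from the installer itself (out of band), so that a
# trojanized download cannot also supply its own "expected" hash.
KNOWN_GOOD_SHA256: Dict[str, str] = {
    # SHA-256 of the constructed sample payload b"abc" used below.
    "putty-installer.msi": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}

# Constructed sample files standing in for a genuine and a trojanized installer.
SAMPLE_GENUINE = b"abc"
SAMPLE_TROJANIZED = b"abc" + b"<appended payload>"


def sha256_hex(data: bytes) -> str:
    """Return the hex SHA-256 digest of the given bytes."""
    return hashlib.sha256(data).hexdigest()


def verify_installer(name: str, data: bytes,
                     allowlist: Dict[str, str] = KNOWN_GOOD_SHA256) -> Tuple[bool, str]:
    """Check an installer's digest against the out-of-band allowlist.

    Fails closed: an artifact with no allowlist entry is rejected, because a
    renamed or unlisted binary is exactly what a weaponized copy looks like.
    """
    expected = allowlist.get(name)
    if expected is None:
        return False, f"{name}: no known-good hash on file, refusing to trust"
    actual = sha256_hex(data)
    # compare_digest keeps the comparison constant-time; harmless here, but
    # the right habit whenever secrets or digests are compared.
    if hmac.compare_digest(actual, expected.lower()):
        return True, f"{name}: SHA-256 matches vendor-published value"
    return False, (f"{name}: SHA-256 mismatch "
                   f"(got {actual[:16]}..., expected {expected[:16]}...)")


if __name__ == "__main__":
    for label, blob in (("genuine", SAMPLE_GENUINE), ("trojanized", SAMPLE_TROJANIZED)):
        ok, reason = verify_installer("putty-installer.msi", blob)
        print(f"{label:11s} -> {'OK' if ok else 'REJECT'}: {reason}")
    # A file name with no allowlist entry is rejected even if its bytes are fine.
    print(verify_installer("kitty-portable.exe", SAMPLE_GENUINE)[1])
```

A hash check only catches a swapped or modified binary; it does not replace verifying the vendor's code-signing signature where one exists, and it is only as good as the channel the expected hash came from, which is why the allowlist must never be populated from the same message that delivered the installer.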