Sequretek Advisory - Targeted Phishing Attacks

A new phishing campaign by a state-sponsored group, tracked as ZINC, uses weaponized versions of legitimate open-source software such as PuTTY, with objectives focused on espionage, data theft, financial gain, and network destruction.

• Researchers at Microsoft and Mandiant have detected a wide range of social engineering campaigns using weaponized legitimate open-source software by the threat actor tracked as ZINC.

• ZINC is a highly operational, destructive, and sophisticated nation-state activity group, active since 2009. They employ traditional social engineering tactics by initially connecting with individuals on LinkedIn to establish a level of trust with their targets. Upon successful connection, ZINC encourages continued communication over WhatsApp, which acts as the means of delivery for their malicious payloads.

• ZINC has been observed weaponizing a wide range of open-source software installers, including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording, for these attacks.

• Observed targets are employees of organizations across multiple industries, including media, defense and aerospace, and IT services, in the US, UK, India, and Russia.

• Earlier this month, researchers at Mandiant reported on the ongoing campaign involving weaponized PuTTY.