ZINC attacks against security researchers
In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. The campaign originally came to our attention after Microsoft Defender for Endpoint detected an attack in progress. Observed targeting includes pen testers, private offensive security researchers, and employees at security and tech companies. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.
This ongoing campaign was reported by Google’s Threat Analysis Group (TAG) earlier this week, capturing the browser-facing impact of this attack. By sharing additional details of the attack, we hope to raise awareness in the cybersecurity community about additional techniques used in this campaign and serve as a …
Indicators of compromise (IoC): SHA-256 file hashes and domains
079659fac6bd9a1ce28384e7e3a465be4380acade3b4a4a4f0e67fd0260e9447
0a2d81164d524be7022ba8fd4e1e8e01bfd65407148569d172e2171b5cd76cd4
0ac5c8ad0c2ddef4d41724acac586ffabcc92ab9d4906a4fc4a1ff2ec2feec7c
0acf21fba2b46ad2dd9c0da887f0fda704e7a5569b735c288d43a57688eb53fa
11fef660dec27474c0c6c856a7b4619155821fdd1ce404848513a2700be806a5
133280e985448a3cfa8906830af137634c4657740a8c7209a368c5a0d0b3dabf
16ad21aedf8f43fcedaa19dbd4f4fda0f3fec0517662b99a3054dac6542ab865
1cc60cb1e08779ff140dfbb4358a7c2587ba58ad2f1f23343b9efb51bb25aaed
1d9a58bc9b6b22fb3e3099996dbab13bfc5258b8307026f66fa69729d40f2b13
25d8ae4678c37251e7ffbaeddc252ae2530ef23f66e4c856d98ef60f399fa3dc
284df008aa2459fd1e69b1b1c54fb64c534fce86d2704c4d4cc95d72e8c11d6f
2cbdea62e26d06080d114bbd922d6368807d7c6b950b1421d0aa030eca7e85da
33665ce1157ddb7cd7e905e3356b39245dfba17b7a658bdbf02b6968656b9998
34e13e2efb336fbe8202ca931a496aa451cf554450806b63d25a57a627e0fb65
39ad9ae3780c2f6d41b1897e78f2b2b6d549365f5f024bc68d1fe794b940f9f1
3ab770458577eb72bd6239fe97c35e7eb8816bce5a4b47da7bd0382622854f7c
3d3195697521973efe0097a320cbce0f0f98d29d50e044f4505e1fbc043e8cf9
46efd5179e43c9cbf07dcec22ce0d5527e2402655aee3afc016e5c260650284a
4bfeb22ec438cf7ed8a7fefe6e7f321d842ad6ade0ca772732d1a757177e7ad7
4c3499f3cc4a4fdc7e67417e055891c78540282dccc57e37a01167dfe351b244
5024f199836692fe428aef3d41a561448632e9cbab954f842ef300573600423d
53f3e55c1217dafb8801af7087e7d68b605e2b6dde6368fceea14496c8a9f3e5
5815103140c68614fd7fc05bad540e654a37b81b7e451e213128f2eff081005a
58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495
68e6b9d71c727545095ea6376940027b61734af5c710b2985a628131e47c6af7
6b3a693d391426182fc2944d14b0816cdf1e5f87c13d6eb697756f9577b0bcee
70e1f774c0c80e988641d709d3a6990193e039b1ce618ceaacc1d61a850e9b76
77a9a0f67d09cafaf05ee090483a64622a7a04dfe226763f68651b071c1802f2
80a19caf4cfc9717d449975f98a157d0a483bf48a05e3b6f7a9b204faa8c35d1
88aeaff0d989db824d6e9429cd94bc22bbbfc39775c0929e703343798f69e9cc
8d85e31de2623538a42a211e3919d5602f99dc80f21e0c5f99d53838b2b07063
90b4bd609b84c41beeed5b9310f2d84de83c74aaecfd1facc02e278be5059110
913871432989378a042f5023351c2fa2c2f43b497b75ef2a5fd16d65aa7d0f54
95e42a94d4df1e7e472998f43b9879eb34aaa93f3705d7d3ef9e3b97349d7008
96d7a93f6691303d39a9cc270b8814151dfec5683e12094537fd580afdf2e5fe
98a6e0c8b8ec4dbbc3ef21308ec04912fa38e84828cedad99e081d588811ba5e
99c95b5272c5b11093eed3ef2272e304b7a9311a22ff78caeb91632211fcb777
9c90bbe4b61136d94170e90c299adab0d1ccbc3a8f71519799dd901d742f3561
9d5320e883264a80ea214077f44b1d4b22155446ad5083f4b27d2ab5bd127ef5
9e562cc5c3eb48a5f1a1ccd29bf4b2ff4ab946f45aa5d8ea170f69104b684023
9f23069f74d0fb09823ad7f46f338d7920a731622404a7754df36ffbc40f8744
9fd05063ad203581a126232ac68027ca731290d17bd43b5d3311e8153c893fe3
a1c4c617d99d10bbb2524b4d5bfdcf00f47d9cf39e8c7d3e6a9ce1219393da5a
a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15
a75886b016d84c3eaacaf01a3c61e04953a7a3adf38acf77a4a2e3a8f544f855
aa5264323755a7dfa7c39ada09224c8c1de03ec8aeb6f7b216a56e8475e5f547
ada7e80c9d09f3efb39b729af238fcdf375383caaf0e9e0aed303931dc73b720
aeb6fb0ba6d947b4ee67a5111fbdf798c4488377ae28bdf537c1f920a58785b7
b32319da446dcf83378ab714f5ad0229dff43c9c6b345b69f1a397c951c1122e
b47969e73931546fdcfb1e69c43da911dc9f7bb8d0e211731a253b572ecdc4fe
b630ad8ffa11003693ce8431d2f1c6b8b126cd32b657a4bfa9c0dbe70b007d6c
bc19a9415428973d65358291d604d96a0915a01d4b06939269b9e210f23aad43
c23f50c8014c190afa14b4c2c9b85512fb3a75405652c9b6be1401f678295f36
c5d13324100047d7def82eeafdb6fc98cc2ccfae56db66ada9f1c3c7429ef9cb
ca48fa63bd603c74ab02841fc6b6e90c29a9b740232628fadafa923d2833a314
d02752aadc71fafa950a6a51b1298dc914e81d20f95a86b12ee07cd2d2a85711
d0678fe8c92912698c4b9d4d03d83131e16d8b219ccf373fa847da476788785b
dc4cf164635db06b2a0b62d313dbd186350bca6fc88438617411a68df13ec83c
dcc986c48c9c99c012ae2b314ac3f2223e217aee2ccdfb733cbbdaea0b713589
e0e59bfc22876c170af65dcbf19f744ae560cc43b720b23b9d248f4505c02f3e
e413e8094d76061f094f8b9339d00d80514065f7d37c184543c0f80c5d51bd80
e8cf9b04ba7054e1c34bda05106478f9071f8f6569b4822070834abbf8e07a95
edb1597789c7ed784b85367a36440bf05267ac786efe5a4044ec23e490864cee
f21abadef52b4dbd01ad330efb28ef50f8205f57916a26daf5de02249c0f24ef
http://br0vvnn.io
https://codevexillium.org
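A quick way to put the list above to work is to hash files on a host and grep network logs for the domains. The following is an added example, not Microsoft's or the post's own tooling: it parses an IoC block in the plain format used on this page (one SHA-256 or URL per line), hashes a directory tree, and checks log lines for the listed hostnames or their subdomains. The embedded IoC text is a constructed excerpt (two hashes and both URLs copied from the list); the files and log lines it scans are constructed too, so the one file hit is produced by adding the constructed file's own digest to the set, purely to show the hit path.

```python
"""Match host artefacts against the SHA-256 and domain IoCs listed above.

Added example, not Microsoft's own tooling. IOC_TEXT is a constructed excerpt of
the page's list; paste the full block in for real use. Files and logs are constructed.
"""
import hashlib
import os
import re
import tempfile
from urllib.parse import urlsplit

HEX64 = re.compile(r"^[0-9a-f]{64}$")

# Constructed excerpt of the page's IoC block (two hashes, both URLs).
IOC_TEXT = """
079659fac6bd9a1ce28384e7e3a465be4380acade3b4a4a4f0e67fd0260e9447
0a2d81164d524be7022ba8fd4e1e8e01bfd65407148569d172e2171b5cd76cd4
http://br0vvnn.io
https://codevexillium.org
"""


def parse_iocs(text):
    """Split an IoC block into a set of lowercase SHA-256 hashes and a set of hostnames."""
    hashes, domains = set(), set()
    for raw in text.splitlines():
        line = raw.strip().lower()
        if not line:
            continue
        if HEX64.match(line):
            hashes.add(line)
        elif "://" in line:
            host = urlsplit(line).hostname
            if host:
                domains.add(host)
    return hashes, domains


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root, hashes):
    """Return {path: sha256} for every regular file under root whose digest is in the IoC set."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            if os.path.isfile(p) and not os.path.islink(p):
                d = sha256_file(p)
                if d in hashes:
                    hits[p] = d
    return hits


HOST_TOKEN = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def match_domains(log_lines, domains):
    """Return (line_no, host) for each line naming an IoC domain or a subdomain of one.

    Suffix matching is done on a label boundary so 'notbr0vvnn.io' does not match 'br0vvnn.io'.
    """
    hits = []
    for i, line in enumerate(log_lines, 1):
        for tok in HOST_TOKEN.findall(line):
            host = tok.lower().strip(".")
            if any(host == d or host.endswith("." + d) for d in domains):
                hits.append((i, host))
                break
    return hits


def build_sample_tree():
    """Write constructed files into a temp dir; return (root, sha256 of the 'suspect' file)."""
    root = tempfile.mkdtemp(prefix="zinc_ioc_")
    os.makedirs(os.path.join(root, "sub"))
    with open(os.path.join(root, "benign.txt"), "wb") as f:
        f.write(b"constructed benign content\n")
    suspect = os.path.join(root, "sub", "suspect.bin")
    with open(suspect, "wb") as f:
        f.write(b"constructed stand-in for a dropped sample\n")
    return root, sha256_file(suspect)


SAMPLE_LOGS = [  # constructed DNS/proxy log lines, not from any real incident
    "2021-01-25T10:02:11Z dns query A www.codevexillium.org from 10.0.0.7",
    "2021-01-25T10:03:40Z proxy GET https://example.com/index.html 200",
    "2021-01-25T10:05:02Z dns query A br0vvnn.io from 10.0.0.7",
    "2021-01-25T10:06:00Z dns query A notbr0vvnn.io from 10.0.0.9",
]


def run_demo():
    hashes, domains = parse_iocs(IOC_TEXT)
    root, suspect_hash = build_sample_tree()
    # A constructed file can never carry a real malware hash, so its own digest is
    # added here only to exercise the hit path; a real scan uses the page list as-is.
    file_hits = scan_tree(root, hashes | {suspect_hash})
    return {"domains": sorted(domains),
            "file_hits": sorted(os.path.basename(p) for p in file_hits),
            "log_hits": match_domains(SAMPLE_LOGS, domains)}


if __name__ == "__main__":
    print(run_demo())
```

Hash matching only catches byte-identical samples, so treat a domain hit in DNS or proxy logs as the stronger lead; also note that the timestamps on the page's own TAG reference predate the IoC list, so expect hits in historical, not just live, logs.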