
North Korean Hackers Exploit Unpatched Zimbra Devices in ‘No Pineapple’ Campaign

February 2, 2023

A new intelligence-gathering campaign connected to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems.

That's according to Finnish cybersecurity firm WithSecure (formerly F-Secure), which codenamed the incident No Pineapple.

Targets of the malicious operation included a healthcare research organization in India, the chemical engineering department of a leading research university, as well as a manufacturer of technology used in the energy, research, defense, and healthcare sectors, suggesting an attempt to breach the supply chain.

Around 100GB of data is believed to have been exported by the hacking crew following the compromise of an unnamed customer, with the digital break-in likely taking place in the third quarter of 2022.

“The threat actor gained access to the network by exploiting a vulnerable Zimbra mail server at the end of August,” WithSecure said in a detailed technical report shared with The Hacker News.

The security flaws used for initial access are CVE-2022-27925 and CVE-2022-37042, both of which could be abused to gain remote code execution on the underlying server.

This step was followed by the installation of web shells and the exploitation of a local privilege escalation vulnerability in the Zimbra server (i.e., Pwnkit aka CVE-2021-4034), thereby enabling the threat actor to harvest sensitive mailbox data.

Subsequently, in October 2022, the adversary is said to have carried out lateral movement, reconnaissance, and ultimately deployed backdoors such as Dtrack and an updated version of GREASE.

GREASE, which has been attributed as the handiwork of a different North Korea-affiliated threat cluster called Kimsuky, comes with capabilities to create new administrator accounts with remote desktop protocol (RDP) privileges while also skirting firewall rules.
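The behaviour described for GREASE (a new account created, granted administrator and RDP group membership, and a firewall rule added to let the connection in) leaves a recognisable trail in Windows Security event logs. The following is an added example of how a defender could correlate that trail; it is not WithSecure's detection logic or anything from the report. It assumes events 4720 (user account created), 4732 (member added to a local security group) and 4946 (Windows Firewall rule added), and the host, account and rule names in the sample records are constructed.

```python
"""Correlate Windows Security events for the pattern: account created, added to a
privileged group, firewall rule added on the same host within a short window.
Added example with constructed sample events (hypothetical hosts and names)."""
from datetime import datetime, timedelta

# Constructed sample events. Real pipelines would pull these from the Security log
# (EventID 4720 / 4732 / 4946) via a SIEM or Windows Event Forwarding.
SAMPLE_EVENTS = [
    {"time": "2022-10-12T03:14:05", "host": "SRV01", "event_id": 4720,
     "target_user": "svc_backup2", "actor": "Administrator"},
    {"time": "2022-10-12T03:14:09", "host": "SRV01", "event_id": 4732,
     "target_user": "svc_backup2", "group": "Administrators", "actor": "Administrator"},
    {"time": "2022-10-12T03:14:12", "host": "SRV01", "event_id": 4732,
     "target_user": "svc_backup2", "group": "Remote Desktop Users", "actor": "Administrator"},
    {"time": "2022-10-12T03:15:40", "host": "SRV01", "event_id": 4946,
     "rule_name": "Allow RDP inbound", "actor": "Administrator"},
    # Benign: helpdesk creates an ordinary user; no group or firewall change follows.
    {"time": "2022-10-12T09:30:00", "host": "WS22", "event_id": 4720,
     "target_user": "jdoe", "actor": "helpdesk"},
]

# Group memberships that grant admin rights or remote desktop logon.
PRIV_GROUPS = {"Administrators", "Remote Desktop Users"}
WINDOW = timedelta(minutes=10)


def parse_time(s):
    return datetime.fromisoformat(s)


def correlate(events, window=WINDOW):
    """Return one alert per (host, new account) where, within `window` after the
    account is created, it is added to a privileged group AND a firewall rule is
    added on the same host. Either step alone is common; the combination is not."""
    events = sorted(events, key=lambda e: parse_time(e["time"]))
    alerts = []
    for e in events:
        if e["event_id"] != 4720:
            continue
        t0 = parse_time(e["time"])
        host, user = e["host"], e["target_user"]
        groups, rules = set(), []
        for f in events:
            tf = parse_time(f["time"])
            if f["host"] != host or not (t0 <= tf <= t0 + window):
                continue
            if (f["event_id"] == 4732 and f.get("target_user") == user
                    and f.get("group") in PRIV_GROUPS):
                groups.add(f["group"])
            elif f["event_id"] == 4946:
                rules.append(f.get("rule_name", ""))
        if groups and rules:
            alerts.append({"host": host, "user": user, "created": e["time"],
                           "groups": sorted(groups), "firewall_rules": rules})
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(f"ALERT {a['host']}: new account {a['user']} -> {a['groups']} "
              f"+ firewall rule(s) {a['firewall_rules']} within {WINDOW}")
```

The window and group list are tuning knobs; in an environment where provisioning tooling legitimately creates RDP-capable admin accounts, the actor field (who performed the change) is the natural next filter to add.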

Dtrack, on the other hand, has been used in cyber attacks aimed at a wide variety of industry verticals, and also in financially motivated attacks involving the use of Maui ransomware.

“At the beginning of November, Cobalt Strike [command-and-control] beacons were detected from an internal server to two threat actor IP addresses,” researchers Sami Ruohonen and Stephen Robinson noted, adding that the data exfiltration occurred from November 5, 2022, through November 11, 2022.

Also used in the intrusion were tools like Plink and 3Proxy to set up a proxy on the victim system, echoing earlier findings from Cisco Talos about Lazarus Group's attacks targeting energy providers.
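Command-and-control beacons like the ones the researchers describe (an internal server calling out to a fixed external address) are typically spotted by their regularity rather than their content. The following is an added example of that kind of beaconing check over connection logs; it is not code from WithSecure or The Hacker News. It assumes a simple log format of `timestamp src dst dport` and that internal hosts live in the RFC 1918 ranges; the log lines and IP addresses (documentation ranges) are constructed.

```python
"""Flag outbound flows from internal hosts to external IPs whose connection
intervals are suspiciously regular (low coefficient of variation).
Added example; the log below is constructed, not real traffic."""
import ipaddress
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed connection log: "timestamp src dst dport". Flow 1 calls out every
# ~60 s (beacon-like); flow 2 is bursty human-style browsing; flow 3 is internal SMB.
SAMPLE_LOG = """\
2022-11-01T08:00:00 10.20.5.14 203.0.113.7 443
2022-11-01T08:01:00 10.20.5.14 203.0.113.7 443
2022-11-01T08:02:01 10.20.5.14 203.0.113.7 443
2022-11-01T08:03:00 10.20.5.14 203.0.113.7 443
2022-11-01T08:03:59 10.20.5.14 203.0.113.7 443
2022-11-01T08:05:00 10.20.5.14 203.0.113.7 443
2022-11-01T08:06:00 10.20.5.14 203.0.113.7 443
2022-11-01T08:07:01 10.20.5.14 203.0.113.7 443
2022-11-01T08:00:03 10.20.5.31 198.51.100.9 443
2022-11-01T08:00:45 10.20.5.31 198.51.100.9 443
2022-11-01T08:12:10 10.20.5.31 198.51.100.9 443
2022-11-01T08:12:11 10.20.5.31 198.51.100.9 443
2022-11-01T08:40:00 10.20.5.31 198.51.100.9 443
2022-11-01T09:01:00 10.20.5.31 198.51.100.9 443
2022-11-01T09:01:30 10.20.5.31 198.51.100.9 443
2022-11-01T10:00:00 10.20.5.31 198.51.100.9 443
2022-11-01T08:00:10 10.20.5.14 10.20.1.2 445
2022-11-01T08:01:10 10.20.5.14 10.20.1.2 445
"""

# Explicit internal ranges (assumption). Not ipaddress.is_private, which also
# treats the documentation ranges used in this sample as non-global.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_log(text):
    """Parse 'timestamp src dst dport' lines into (datetime, src, dst, port) tuples."""
    conns = []
    for line in text.splitlines():
        ts, src, dst, dport = line.split()
        conns.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return conns


def find_beacons(conns, min_conns=6, max_cv=0.1):
    """Group internal->external connections by (src, dst, dport); flag flows with at
    least `min_conns` connections whose inter-arrival times have a coefficient of
    variation (stdev / mean) at or below `max_cv`."""
    flows = defaultdict(list)
    for ts, src, dst, dport in conns:
        if is_internal(src) and not is_internal(dst):
            flows[(src, dst, dport)].append(ts)
    hits = []
    for (src, dst, dport), times in flows.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "dport": dport, "count": len(times),
                         "mean_interval_s": round(mean, 1), "cv": round(cv, 3)})
    return hits


if __name__ == "__main__":
    for h in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"beacon-like: {h['src']} -> {h['dst']}:{h['dport']} "
              f"n={h['count']} every ~{h['mean_interval_s']}s (cv={h['cv']})")
```

Real beacons add jitter, so `max_cv` is a trade-off: tightening it suppresses scheduled-task noise (NTP, update checks) but misses implants with high jitter settings, which is why this is normally paired with an allowlist of known-good external destinations rather than used alone.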

North Korea-backed hacking groups have had a busy 2022, conducting both espionage-driven attacks and cryptocurrency heists that align with the regime's strategic priorities.

Most recently, the BlueNoroff cluster, also known by the names APT38, Copernicium, Stardust Chollima, and TA444, was linked to wide-ranging credential harvesting attacks aimed at the education, financial, government, and healthcare sectors.

Some parts of this post are sourced from:
thehackernews.com
