A recent round of compromises that exploited unpatched Zimbra devices was an effort sponsored by the North Korean government and intended to steal intelligence from a set of public and private medical and energy sector researchers.
Analysts with W Labs explained in a new report that, due to an overlap in techniques and a misstep by one of the threat actors, they were able to attribute “with high confidence” the recent round of cyber incidents against unpatched Zimbra devices to Lazarus Group, a well-known threat group sponsored by the North Korean government. Lazarus operated this campaign and other related intelligence-gathering efforts through the end of 2022.
The researchers named the campaign “No Pineapple” after an error message generated by the malware during their investigation. The threat actors quietly exfiltrated about 100GB of data, without conducting any disruptive cyber operations or destroying information.
“The campaign targeted public and private sector research organizations, the medical research and energy sector as well as their supply chain,” the W Labs report added. “The motivation of the campaign is assessed to be almost certainly for intelligence benefit.”