Lazarus Group Launches New Wave of Attacks on Developers via GitHub
Cybersecurity experts have warned about an ongoing threat from the Lazarus Group, a North Korean state-sponsored hacking organization. Since early 2023, the group has been active with its VMConnect campaign, targeting developers on open-source platforms. The latest wave of attacks, discovered in September 2023, involves malicious Python packages hosted on GitHub repositories.
The Lazarus Group is impersonating Capital One staff to send 'test' packages to developers via LinkedIn direct messages. These packages contain malicious Python files designed to install downloaders capable of fetching backdoors and infostealers. The campaign is an extension of the previously identified VMConnect attack from August 2023. Organizations are urged to avoid downloading and executing code from unknown sources to prevent potential security breaches.
Three additional malicious Python packages were discovered in September 2023, indicating the campaign's continued evolution and the group's adaptability.
The Lazarus Group's VMConnect campaign remains active, with the most recent attacks involving malicious Python packages sent to developers on open-source repositories. Organizations should remain vigilant and cautious when dealing with unsolicited messages and downloads, especially from unknown sources. The campaign's link to the North Korean state-sponsored hacking group underscores the seriousness of the threat.