DPRK Using Unpatched Zimbra Devices to Spy on ResearchersDPRK Using Unpatched Zimbra Devices to Spy on Researchers
Lazarus Group used a known Zimbra bug to steal data from medical and energy researchers.
February 7, 2023

A recent round of compromises that exploited unpatched Zimbra devices was an effort sponsored by the North Korean government and intended to steal intelligence from a collection of public and private medical and energy sector researchers.
Analysts with W Labs explained in a new report that due to an overlap in techniques — and thanks to a misstep by one of the threat actors — they were able to attribute "with high confidence" the recent round of cyber incidents against unpatched Zimbra devices as the work of Lazarus Group, a well-known threat group sponsored by the North Korean government. Lazarus operated this campaign and other similar intelligence-gathering efforts through the end of 2022.
The researchers named the campaign "No Pineapple" after an error message generated by the malware during their investigation. The threat actors quietly exfiltrated about 100GB of data, without waging any disruptive cyber operations or destroying information.
"The campaign targeted public and private sector research organizations, the medical research, and energy sector as well as their supply chain," the W Labs report added. "The motivation of the campaign is assessed to be most likely for intelligence benefit."
About the Author(s)
You May Also Like
Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023What's In Your Cloud?
Nov 30, 2023