At a glance.
- North Korean operators "weaponize" open-source software.
- SolarMarker info-stealer returns in watering hole campaign.
- Fast Company's WordPress hijacking incident.
- Deepfakes, and their evolution.
- Kinetic sabotage raises concerns about threats to infrastructure in cyberspace.
- CISA releases six Industrial Control System Advisories.
North Korean operators "weaponize" open-source software.
Microsoft warns that the North Korean threat actor the company tracks as “ZINC” is targeting engineers and technical support employees working at “media, defense and aerospace, and IT services in the US, UK, India, and Russia.” The threat actor is using malicious versions of open-source applications, including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording. Microsoft believes the campaign is “motivated by traditional cyberespionage, theft of personal and corporate data, financial gain, and corporate network destruction.”