ZINC attacks against security researchers

2021-01-28 Microsoft

https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/


Microsoft attributed a campaign targeting security researchers to ZINC, a DPRK-affiliated state-sponsored group, after detecting attacks against penetration testers, private offensive security researchers, and employees at security and technology companies. The operators built credibility on Twitter, LinkedIn, GitHub, and an actor-controlled blog, then moved responsive targets to other channels and sent them malicious Visual Studio projects. Microsoft also observed a watering-hole path: some victims were compromised after visiting br0vvnn[.]io with a fully patched Chrome browser, followed by ZINC malware activity, which suggests a Chrome exploit chain was used. The Visual Studio projects carried a pre-build event that ran a PowerShell command, which in turn launched rundll32 to execute the Comebacker DLL payload and establish command-and-control access.
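As an added hunting illustration (not Microsoft's own hunting queries or code from the blog), the script below flags the build-hosted process chain described above (a Visual Studio or MSBuild process spawning PowerShell, which spawns rundll32 on a DLL) and matches DNS queries against the domains listed in this page's IOC table. The process images, command lines, pid values, DNS names and the file name payload.dll are constructed for the example; the set of build-tool image names is an assumption about how such a build appears in process-creation telemetry.

```python
"""
Hunting example for the Visual Studio pre-build chain described above.
Added illustration, not Microsoft's hunting queries; all events below are
constructed, and the build-tool image names are assumptions.
"""
import re
from dataclasses import dataclass

# Domains copied from the IOC table on this page, defanged for safe handling.
ZINC_DOMAINS = {
    "codevexillium[.]org",
    "krakenfolio[.]com",
    "investbooking[.]de",
    "angeldonationblog[.]com",
    "br0vvnn[.]io",
}

# Processes that host a Visual Studio / MSBuild build (assumed parent set).
BUILD_TOOLS = {"devenv.exe", "msbuild.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full image path
    cmdline: str


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def refang(domain: str) -> str:
    return domain.replace("[.]", ".")


# rundll32 takes "<dll>,<export>" as its first argument; capture the DLL path.
_RUNDLL_ARG = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+)"?\s*,\s*(\S+)', re.I)


def find_build_chains(events):
    """Return (build, shell, rundll32, dll_path) for every rundll32 whose
    parent is PowerShell and whose grandparent is a build tool."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if basename(e.image) != "rundll32.exe":
            continue
        shell = by_pid.get(e.ppid)
        if shell is None or basename(shell.image) not in SHELLS:
            continue
        build = by_pid.get(shell.ppid)
        if build is None or basename(build.image) not in BUILD_TOOLS:
            continue
        m = _RUNDLL_ARG.search(e.cmdline)
        dll = m.group(1).strip() if m else None
        hits.append((build, shell, e, dll))
    return hits


def match_domains(queries, iocs=ZINC_DOMAINS):
    """Return the queried names that equal, or are subdomains of, an IOC."""
    targets = {refang(d) for d in iocs}
    found = []
    for q in queries:
        q = q.lower().rstrip(".")
        if q in targets or any(q.endswith("." + t) for t in targets):
            found.append(q)
    return found


# Constructed telemetry: one build-hosted chain (should fire) and one
# interactive PowerShell -> rundll32 chain under explorer (should not).
SAMPLE_PROCS = [
    ProcEvent(100, 1, r"C:\VS\Common7\IDE\devenv.exe", "devenv.exe Project.sln"),
    ProcEvent(200, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              'powershell.exe -ExecutionPolicy Bypass -Command "..."'),
    ProcEvent(300, 200, r"C:\Windows\System32\rundll32.exe",
              r"rundll32.exe C:\Users\dev\Project\payload.dll,Start"),  # hypothetical names
    ProcEvent(400, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(500, 400, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe"),
    ProcEvent(600, 500, r"C:\Windows\System32\rundll32.exe",
              "rundll32.exe shell32.dll,Control_RunDLL"),
]
SAMPLE_DNS = ["update.microsoft.com", "codevexillium.org", "cdn.br0vvnn.io"]

if __name__ == "__main__":
    for build, shell, rd, dll in find_build_chains(SAMPLE_PROCS):
        print(f"build chain: {basename(build.image)} -> {basename(shell.image)} "
              f"-> rundll32 loading {dll}")
    print("IOC domain hits:", match_domains(SAMPLE_DNS))
```

The chain check deliberately keys on the grandparent rather than on PowerShell alone, since interactive PowerShell launching rundll32 is common on developer workstations; the domain check matches subdomains as well as exact names because the table lists bare registrable domains.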

Indicators of Compromise

Type Value First Seen Last Seen
HASH a75886b016d84c3eaacaf01a3c61e04… 2021-01-25 2025-11-07
DOMAIN codevexillium.org 2021-01-25 2024-04-17
HASH a4fb20b15efd72f983f0fb3325c0352… 2021-01-25 2021-02-01
HASH 3ab770458577eb72bd6239fe97c35e7… 2021-01-28 2021-01-28
HASH 913871432989378a042f5023351c2fa… 2021-01-28 2021-01-28
HASH 58a74dceb2022cd8a358b92acd1b48a… 2021-01-28 2021-01-28
HASH 9c90bbe4b61136d94170e90c299adab… 2021-01-28 2021-01-28
HASH 9d5320e883264a80ea214077f44b1d4… 2021-01-28 2021-01-28
HASH 0a2d81164d524be7022ba8fd4e1e8e0… 2021-01-28 2021-01-28
HASH d02752aadc71fafa950a6a51b1298dc… 2021-01-28 2021-01-28
HASH 90b4bd609b84c41beeed5b9310f2d84… 2021-01-28 2021-01-28
HASH 46efd5179e43c9cbf07dcec22ce0d55… 2021-01-28 2021-01-28
HASH 39ad9ae3780c2f6d41b1897e78f2b2b… 2021-01-28 2021-01-28
HASH 284df008aa2459fd1e69b1b1c54fb64… 2021-01-28 2021-01-28
HASH 34e13e2efb336fbe8202ca931a496aa… 2021-01-28 2021-01-28
HASH 16ad21aedf8f43fcedaa19dbd4f4fda… 2021-01-28 2021-01-28
HASH 53f3e55c1217dafb8801af7087e7d68… 2021-01-28 2021-01-28
HASH 70e1f774c0c80e988641d709d3a6990… 2021-01-28 2021-01-28
HASH b630ad8ffa11003693ce8431d2f1c6b… 2021-01-28 2021-01-28
HASH e413e8094d76061f094f8b9339d00d8… 2021-01-28 2021-01-28
HASH dcc986c48c9c99c012ae2b314ac3f22… 2021-01-28 2021-01-28
HASH 4bfeb22ec438cf7ed8a7fefe6e7f321… 2021-01-28 2021-01-28
HASH b47969e73931546fdcfb1e69c43da91… 2021-01-28 2021-01-28
HASH 3d3195697521973efe0097a320cbce0… 2021-01-28 2021-01-28
HASH 079659fac6bd9a1ce28384e7e3a465b… 2021-01-28 2021-01-28
HASH 5024f199836692fe428aef3d41a5614… 2021-01-28 2021-01-28
HASH edb1597789c7ed784b85367a36440bf… 2021-01-28 2021-01-28
HASH 9fd05063ad203581a126232ac68027c… 2021-01-28 2021-01-28
HASH 1d9a58bc9b6b22fb3e3099996dbab13… 2021-01-28 2021-01-28
HASH 98a6e0c8b8ec4dbbc3ef21308ec0491… 2021-01-28 2021-01-28
HASH 0ac5c8ad0c2ddef4d41724acac586ff… 2021-01-28 2021-01-28
HASH f21abadef52b4dbd01ad330efb28ef5… 2021-01-28 2021-01-28
HASH aeb6fb0ba6d947b4ee67a5111fbdf79… 2021-01-28 2021-01-28
HASH aa5264323755a7dfa7c39ada09224c8… 2021-01-28 2021-01-28
HASH 95e42a94d4df1e7e472998f43b9879e… 2021-01-28 2021-01-28
HASH 8d85e31de2623538a42a211e3919d56… 2021-01-28 2021-01-28
HASH 133280e985448a3cfa8906830af1376… 2021-01-28 2021-01-28
HASH 80a19caf4cfc9717d449975f98a157d… 2021-01-28 2021-01-28
HASH 9e562cc5c3eb48a5f1a1ccd29bf4b2f… 2021-01-28 2021-01-28
HASH 9f23069f74d0fb09823ad7f46f338d7… 2021-01-28 2021-01-28
HASH 11fef660dec27474c0c6c856a7b4619… 2021-01-28 2021-01-28
HASH 6b3a693d391426182fc2944d14b0816… 2021-01-28 2021-01-28
HASH a1c4c617d99d10bbb2524b4d5bfdcf0… 2021-01-28 2021-01-28
HASH d0678fe8c92912698c4b9d4d03d8313… 2021-01-28 2021-01-28
HASH b32319da446dcf83378ab714f5ad022… 2021-01-28 2021-01-28
HASH bc19a9415428973d65358291d604d96… 2021-01-28 2021-01-28
HASH 0acf21fba2b46ad2dd9c0da887f0fda… 2021-01-28 2021-01-28
HASH e8cf9b04ba7054e1c34bda05106478f… 2021-01-28 2021-01-28
HASH ca48fa63bd603c74ab02841fc6b6e90… 2021-01-28 2021-01-28
HASH 33665ce1157ddb7cd7e905e3356b392… 2021-01-28 2021-01-28
HASH c5d13324100047d7def82eeafdb6fc9… 2021-01-28 2021-01-28
HASH c23f50c8014c190afa14b4c2c9b8551… 2021-01-28 2021-01-28
HASH dc4cf164635db06b2a0b62d313dbd18… 2021-01-28 2021-01-28
HASH 1cc60cb1e08779ff140dfbb4358a7c2… 2021-01-28 2021-01-28
HASH 99c95b5272c5b11093eed3ef2272e30… 2021-01-28 2021-01-28
HASH 5815103140c68614fd7fc05bad540e6… 2021-01-28 2021-01-28
HASH ada7e80c9d09f3efb39b729af238fcd… 2021-01-28 2021-01-28
HASH 77a9a0f67d09cafaf05ee090483a646… 2021-01-28 2021-01-28
HASH 96d7a93f6691303d39a9cc270b88141… 2021-01-28 2021-01-28
HASH 2cbdea62e26d06080d114bbd922d636… 2021-01-28 2021-01-28
HASH 88aeaff0d989db824d6e9429cd94bc2… 2021-01-28 2021-01-28
URL https://codevexillium.org 2021-01-28 2021-01-28
HASH e0e59bfc22876c170af65dcbf19f744… 2021-01-28 2021-01-28
HASH 25d8ae4678c37251e7ffbaeddc252ae… 2021-01-25 2021-01-28
HASH 68e6b9d71c727545095ea6376940027… 2021-01-25 2021-01-28
DOMAIN krakenfolio.com 2021-01-25 2021-01-28
DOMAIN investbooking.de 2021-01-25 2021-01-28
DOMAIN angeldonationblog.com 2021-01-25 2021-01-28
DOMAIN br0vvnn.io 2021-01-25 2021-01-28
HASH 4c3499f3cc4a4fdc7e67417e055891c… 2021-01-25 2021-01-28
