ZINC weaponizing open-source software

2022-09-29 Microsoft

https://www.microsoft.com/security/blog/2022/09/29/zinc-weaponizing-open-source-software/

Microsoft attributed a 2022 social-engineering campaign to ZINC, a North Korea-based group now tracked as Diamond Sleet, targeting employees in media, defense and aerospace, and IT services organizations in the US, UK, India, and Russia. The operators built trust on LinkedIn, moved conversations to WhatsApp, and delivered malicious payloads through weaponized legitimate open-source software including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording installers. Microsoft observed the ZetaNile/BLINDINGCAN malware family using DLL search order hijacking, encrypted or packed implant DLLs, and HTTP C2 requests to compromised domains. The campaign is significant because it combines recruiter-style social engineering with widely used tools, giving ZINC a scalable path to espionage, data theft, financial gain, and potential destructive access across multiple sectors.

Indicators of Compromise

