The Microsoft Threat Intelligence Center (MSTIC) has recently detected a wide range of phishing attempts using weaponized open source software. 

These attempts, attributed to ZINC, have used traditional social engineering tactics by contacting individuals with fake job offers on LinkedIn. “Upon successful connection, ZINC encouraged continued communication over WhatsApp, which acted as the means of delivery for their malicious payloads,” Microsoft says.

MSTIC has observed ZINC, also known as Lazarus, using weaponized versions of open source software including PuTTY, KiTTY, and TightVNC installer for these attacks, which have targeted “employees in organizations across multiple industries including media, defense and aerospace, and IT services in the US, UK, India, and Russia.”