Hackers Weaponize Open Source Software in Targeted Phishing Attempts


Microsoft has observed ZINC using weaponized versions of PuTTY, KiTTY, and more.

The Microsoft Threat Intelligence Center (MSTIC) has recently detected a wide range of phishing attempts using weaponized open source software. 

These attempts, attributed to ZINC, have used traditional social engineering tactics by contacting individuals with fake job offers on LinkedIn. “Upon successful connection, ZINC encouraged continued communication over WhatsApp, which acted as the means of delivery for their malicious payloads,” Microsoft says.

MSTIC has observed ZINC, also known as Lazarus, using weaponized versions of open source software including PuTTY, KiTTY, and TightVNC installer for these attacks, which have targeted “employees in organizations across multiple industries including media, defense and aerospace, and IT services in the US, UK, India, and Russia.”


Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=