DPRK Using Unpatched Zimbra Devices to Spy on Researchers




A recent round of compromises that exploited unpatched Zimbra devices was an effort sponsored by the North Korean government and intended to steal intelligence from a set of public and private medical and energy sector researchers.

Analysts with W Labs explained in a new report that because of an overlap in techniques, and because of a misstep by one of the threat actors, they were able to attribute “with high confidence” the recent round of cyber incidents against unpatched Zimbra devices to Lazarus Group, a well-known threat group sponsored by the North Korean government. Lazarus operated this campaign and other related intelligence-gathering efforts through the end of 2022.

The researchers named the campaign “No Pineapple” after an error message generated by the malware during their investigation. The threat actors quietly exfiltrated about 100GB of data, without waging any disruptive cyber operations or destroying information.

“The campaign targeted public and private sector research organizations, the medical research, and energy sector as well as their supply chain,” the W Labs report added. “The motivation of the campaign is assessed to be most likely for intelligence benefit.”
