Legitimate open-source software has been weaponised by threat actors connected to North Korea and is now being used to target personnel in businesses from a variety of industries, the Microsoft Threat Intelligence Center (MSTIC) warned.
The Lazarus Group, also known Zinc, the actor tracked by Microsoft, is said to have carried out the attacks, the technical write-up stated.
According to the advisory, Zinc has successfully compromised numerous organisations in the media, defense and aerospace, and information technology sectors in the USA, UK, India, and Russia.