ZINC weaponizing open-source software

This presentation will discuss recent examples of the ongoing threat that ZINC poses to global organizations. The group uses social engineering to deliver weaponized legitimate open-source software in pursuit of its possible objectives, which have historically focused on espionage, data theft, financial gain, and network destruction. The highlighted activity will be discussed from both MSFT’s and LinkedIn’s perspectives, including how activity and targeting from the same group can be similar, and also different, across platforms.

Building upon past observations of this group’s activity, this presentation will discuss new techniques used by this actor group in recent months to target multiple industries, including media, defense and aerospace, and IT services, through the use of weaponized legitimate open-source software, including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording software installer. By impersonating recruiters at legitimate technology, defense, and media entertainment companies, ZINC first established contact with their targets via social media, where they performed social engineering, before moving to an encrypted messaging application, where the delivery of weaponized software took place.

ZINC continues to pose a significant threat to individuals and organizations by shifting and evolving; their methods and targeting remain fluid and often change from one platform to the next. Due to the wide use of the platforms and weaponized software that ZINC utilized in their recent campaign, ZINC could pose a significant threat to individuals and organizations across multiple sectors and regions.