  • North Korean hackers exploit Zimbra mail server vulnerability in their 'No Pineapple' malware campaign


    And what's with the pineapple?

    The North Korean Lazarus Group exploited known vulnerabilities in a Zimbra mail server to gather intelligence from a target's network.

    WithSecure called the incident "No Pineapple", after an error message used in one of the attackers' backdoors.

    The group exfiltrated about 100 GB of data after compromising an unnamed client; the intrusion itself took place in the third quarter of 2022.

    “An attacker gained access to the network using a vulnerable Zimbra mail server at the end of August,” WithSecure says in its detailed report.

    Initial access exploited CVE-2022-27925 (a path-traversal flaw in Zimbra's mailbox import functionality that allows arbitrary file writes from a crafted zip) and CVE-2022-37042 (an authentication bypass that lets the same servlet be reached without valid credentials), together giving remote code execution on the underlying server.

    The attackers then dropped web shells and exploited a local privilege escalation vulnerability in the host's Polkit pkexec binary ("Pwnkit", CVE-2021-4034) to gain root on the Zimbra server, which let them collect sensitive data from the mail service.
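    The initial-access chain described above (mailbox-import exploitation followed by web shells) leaves a recognisable trace in Zimbra's mailboxd access log. The following Python hunt is an added example, not code from WithSecure's report or from this article: it correlates POSTs to the mailbox import servlet (the endpoint public advisories tie to CVE-2022-27925 and the CVE-2022-37042 bypass) with later requests for .jsp files from the same source address. The sample log lines, the web shell name ctrl.jsp and the 30-minute correlation window are constructed for the example; the servlet path is an assumption taken from public advisories, not from this page.

```python
"""Hunt Zimbra mailboxd access logs for the mboximport exploitation chain.

Added example, not code from WithSecure or the article. Assumptions are
marked in comments.
"""
import re
from datetime import datetime, timedelta

# Assumption: the servlet path that public advisories tied to CVE-2022-27925
# (zip path traversal in mailbox import) and CVE-2022-37042 (auth bypass for
# the same servlet). A POST here from outside admin tooling is worth a look.
MBOXIMPORT_PATH = "/service/extension/backup/mboximport"

# Jetty's NCSA-style access log as Zimbra writes it; only the fields the
# hunt needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: a blocked then successful mboximport POST from one
# source, a hit on a hypothetical dropped JSP web shell from the same
# source, and unrelated legitimate traffic from another address.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Aug/2022:03:14:02 +0000] "POST /service/extension/backup/mboximport HTTP/1.1" 401 0
203.0.113.7 - - [27/Aug/2022:03:14:03 +0000] "POST /service/extension/backup/mboximport HTTP/1.1" 200 0
203.0.113.7 - - [27/Aug/2022:03:14:09 +0000] "GET /zimbraAdmin/ctrl.jsp?cmd=id HTTP/1.1" 200 512
198.51.100.4 - - [27/Aug/2022:03:20:41 +0000] "POST /service/soap/GetInfoRequest HTTP/1.1" 200 2048
"""


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def hunt(log_text, window=timedelta(minutes=30)):
    """Flag mboximport POSTs and .jsp requests that follow them from the same IP.

    Returns a list of (tag, ip, status, path) tuples in log order.
    """
    findings = []
    last_import = {}  # source IP -> timestamp of its latest mboximport POST
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if rec["method"] == "POST" and path == MBOXIMPORT_PATH:
            last_import[rec["ip"]] = rec["ts"]
            findings.append(("mboximport_post", rec["ip"], rec["status"], rec["path"]))
        elif path.lower().endswith(".jsp"):
            # Legitimate Zimbra JSPs exist, so a bare .jsp match is noisy;
            # requiring a recent mboximport POST from the same source
            # narrows it to the post-exploitation pattern.
            seen = last_import.get(rec["ip"])
            if seen is not None and timedelta(0) <= rec["ts"] - seen <= window:
                findings.append(("jsp_after_import", rec["ip"], rec["status"], rec["path"]))
    return findings


if __name__ == "__main__":
    for tag, ip, status, path in hunt(SAMPLE_LOG):
        print(f"{tag:18} {ip:15} {status} {path}")
```

    On a real host the input would be the rotated access_log files under Zimbra's log directory; the 401-then-200 pair from one address is the shape to expect when an authentication bypass is tried against a server that was patched for the original traversal bug but not for the bypass.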

    In October 2022 the attackers moved laterally within the network and eventually deployed the Dtrack and GREASE backdoors.

    GREASE is attributed to Kimsuky, another North Korea-linked group. The backdoor creates new administrator accounts with remote desktop (RDP) access and adjusts firewall rules so that access is not blocked.

    Dtrack has previously been used in attacks against a range of industry verticals and in financially motivated intrusions alongside the Maui ransomware.

    The "No Pineapple" name itself comes from the Dtrack backdoor: when data being uploaded to the C2 server exceeds the configured segment size, the backdoor appends an error string reading "<No Pineapple!>" to the transmission.

    The attackers also used Plink and 3Proxy to set up a proxy on the victim's systems, consistent with Cisco Talos' earlier findings on Lazarus Group attacks against energy providers.

    North Korean state-backed groups have had a busy year, implicated in a string of espionage operations and cryptocurrency thefts aligned with the DPRK regime's strategic priorities.

    Author DeepWeb