The North Korean Lazarus APT group has been associated with a new intelligence-gathering campaign named ‘No Pineapple.’ It abused known security flaws in unpatched Zimbra devices to infect systems, targeting public and private sector research organizations in the healthcare and energy sectors.
An intelligence-gathering campaign
Security firm WithSecure has dubbed the campaign No Pineapple in reference to an error message used in one of the backdoors. The attack is said to have been ongoing since Q3 2022.
- The targets were healthcare research organizations in India; a chemical engineering department of a research university; a manufacturer of technology used in the energy, research, defense, and healthcare sectors; and an unnamed customer.
- Further, around 100GB of data is believed to have been exported by the hacking group, along with the compromise of an unnamed customer. The digital break-in took place in Q3 of 2022.