ZINC

Threat Actor updated a month ago (2024-09-10T04:17:45.731Z)
Download STIX
Preview STIX
Zinc, also known as Diamond Sleet, is a North Korea-based threat actor group that has been active since 2009. This group is notorious for its cyber-attacks aimed at collecting political, military, and economic intelligence on North Korea's foreign adversaries, and executing currency generation campaigns. Microsoft's Threat Intelligence team has been tracking this group's activities, which have primarily targeted media, defense, and information technology (IT) industries globally. The group has also been linked to other North Korean Advanced Persistent Threat (APT) groups including Lazarus Group, Hidden Cobra, and Andariel. In 2022, Zinc reached a peak in its malicious activities. Notably, Microsoft Threat Intelligence uncovered a supply chain attack orchestrated by Zinc involving a trojanized variant of an application developed by CyberLink Corp., a software company known for multimedia software products. This marked a significant escalation in the group's tactics, weaponizing open-source software to compromise systems and networks. In October 2023, Zinc, along with several other North Korea-backed APTs, was implicated in exploiting the TeamCity vulnerability to install persistent backdoors into systems. Despite the increase in production of nickel and zinc in 2022, predominantly from Indonesia and China, the global prices for these commodities are expected to be suppressed. Meanwhile, Zinc continues to pose a significant cybersecurity threat. Microsoft's threat intelligence team attributes this ongoing campaign to Zinc, revealing the group's persistent efforts to exploit vulnerabilities and compromise systems. As of now, organizations, particularly those in the media, defense, and IT sectors, need to remain vigilant about this threat actor and continue to prioritize robust cybersecurity measures.
Description last updated: 2024-09-10T03:19:36.429Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Diamond Sleet is a possible alias for ZINC. Diamond Sleet, a threat actor linked to North Korea, has been identified as a significant cybersecurity concern. This group, also known as Selective Pisces, has targeted various sectors including media, defense, and IT organizations. The advanced persistent threat (APT) group is known for its supply
4
Lazarus Group is a possible alias for ZINC. The Lazarus Group, a notorious threat actor attributed to North Korea, has been implicated in a series of high-profile cyberattacks and illicit activities. The group is known for its sophisticated operations, including Operation DreamJob, which targeted Spain with a high level of confidence. Over th
3
Andariel is a possible alias for ZINC. Andariel, also known as Jumpy Pisces, is a threat actor group primarily associated with cyberespionage and ransomware activities. The group has been linked to North Korea's Reconnaissance General Bureau and other APT groups such as Kimsuky and Onyx Sleet. Andariel has been noted for its aggressive t
2
CVE-2023-42793 is a possible alias for ZINC. CVE-2023-42793 is a critical security vulnerability identified in JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Microsoft
Apt
Teamcity
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Onyx Sleet Threat Actor is associated with ZINC. Onyx Sleet, a threat actor also known as Andariel, Silent Chollima, and Stonefly, is a North Korean state-sponsored cyber group under the RGB 3rd Bureau. This group, based in Pyongyang and Sinuiju, has been associated with various malicious activities including cyber espionage and ransomware attacksUnspecified
2
The Plutonium Threat Actor is associated with ZINC. Plutonium, a threat actor with potentially global implications, has been involved in several critical incidents. The group's activities have been traced back to the 1960s when alleged Israeli scientists visited NUMEC, claiming to obtain plutonium-238 for non-nuclear projects. The lack of stringent rUnspecified
2
Source Document References
Information about the ZINC Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Unit42
a month ago
CERT-EU
7 months ago
CERT-EU
10 months ago
DARKReading
10 months ago
MITRE
10 months ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago