Zinc, a Lazarus group offshoot, is using trojanized versions of open source apps such as KiTTY and PuTTY in a new phishing campaign.
The vulnerability in the Windows Common Log File System could allow an authenticated attacker to execute code with elevated privileges.
Microsoft quietly fixed the elevation of privilege flaw in June.
APT29, the threat actor linked to the SolarWinds hack, is abusing various Azure features in recent attacks against organizations that influence the foreign policy of NATO countries.
Microsoft observed the threat actor, which it tracks as Seaborgium, targeting over 30 organizations since the start of 2022.