ZetaNile - Open Source Software Trojans
In September 2022, Microsoft released a report on a group they track as ZINC (also known as Lazarus), which is a state-sponsored group out of North Korea. The report details how ZINC has been using a set of trojanized, open source software implants dubbed ZetaNile (also known as BLINDINCAN) to attack a number of organizations since June 2022.
The ReversingLabs Research Team decided to investigate ZINC’s use of ZetaNile, which yielded several helpful results. In this conversation, host Paul Roberts chats with Joseph Edwards, a ReversingLabs Malware Researcher, about what their investigation yielded. They discuss how the malicious actors pulled off these attacks, where the malicious code resides in the open source software, and how these implants serve the criminals’ malicious goals.