{"id":53514,"date":"2023-09-02T11:29:08","date_gmt":"2023-09-02T11:29:08","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34968\/VMConnect-Campaign-Linked-To-North-Koreas-Lazarus-Group.html"},"modified":"2023-09-02T11:29:08","modified_gmt":"2023-09-02T11:29:08","slug":"vmconnect-campaign-linked-to-north-koreas-lazarus-group","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/vmconnect-campaign-linked-to-north-koreas-lazarus-group\/","title":{"rendered":"VMConnect Campaign Linked To North Korea&#8217;s Lazarus Group"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/09\/0901_vmware.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Three newly discovered malicious Python packages posted to the Python Package Index (PyPI) are now believed to be part of the VMConnect campaign and have also been tied to the <a href=\"https:\/\/www.scmagazine.com\/news\/north-korean-linked-lazarus-group-tied-to-supply-chain-attack-on-jumpcloud\" target=\"_blank\" rel=\"noreferrer noopener\">North Korean Lazarus Group.<\/a><\/p>\n<p>VMConnect is a popular tool IT teams use to connect to a virtual machine to install or interact with its guest operating system. Since VMware has more than 500,000 customers globally, the impact on enterprise operations is potentially significant.<\/p>\n<p>Karlo Zanki, who headed up the <a rel=\"noreferrer noopener\" href=\"https:\/\/www.reversinglabs.com\/blog\/vmconnect-supply-chain-campaign-continues\" target=\"_blank\">VMConnect research<\/a> for ReversingLabs, said the samples the team collected in the latest iteration of the VMConnect campaign share malicious functionality (via the builder.py file) with a previously discovered and documented malicious package: py_QRcode, which was not a publicly hosted file.<\/p>\n<p>\u201cWhen we looked deeper, we found the malicious code in py_QRcode was nearly identical to 
malicious code in QRLog, previously identified Java malware, with the two packages sharing both code and command and control (C2) infrastructure,\u201d said Zanki.<\/p>\n<p>Digging deeper, Zanki said QRLog, which was initially discovered by the threat researcher Mauro Eldritch, has been analyzed and attributed by CrowdStrike with a high degree of confidence to Labyrinth Chollima, a subgroup within the Lazarus Group.<\/p>\n<p>\u201cIn short, as we look at the&#8230;.malicious code, as well as supporting infrastructure for these latest VMConnect malicious packages, many of the clues point in the direction of previously discovered and documented malware and campaigns linked to Lazarus Group and the DPRK,\u201d said Zanki.<\/p>\n<h2>Lazarus Group a persistent threat<\/h2>\n<p>ReversingLabs first identified VMConnect in an <a rel=\"noreferrer noopener\" href=\"https:\/\/www.reversinglabs.com\/blog\/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules\" target=\"_blank\">Aug. 3 blog post<\/a>, in which it reported that the campaign consisted of two dozen malicious Python packages posted to the PyPI open-source repository. 
Sonatype also <a rel=\"noreferrer noopener\" href=\"https:\/\/www.scmagazine.com\/news\/malicious-pypi-packages-resemble-a-legitimate-vmware-vsphere-connector\" target=\"_blank\">reported<\/a> on the case in a <a rel=\"noreferrer noopener\" href=\"https:\/\/blog.sonatype.com\/malicious-pypi-package-vmconnect-imitates-vmware-vsphere-connector-module\" target=\"_blank\">blog post Aug. 3<\/a>, in which they said VMConnect contains much of the same code as its legitimate VMware counterpart and has been <a rel=\"noreferrer noopener\" href=\"https:\/\/pepy.tech\/project\/VMConnect\" target=\"_blank\">downloaded 237 times<\/a>, according to <em>PePy.tech<\/em>.<\/p>\n<p>Ted Miracco, chief executive officer at Approov, said this campaign offers rather sobering insights into both the evolution and persistence of North Korean cyber operations targeting the software supply chain. Miracco said while North Korean actors have been active in cyber espionage and financial crime for years, VMConnect and related efforts mark a calculated shift towards more subtle, software-based attacks that display increasing technical sophistication and patience. He said the gradual buildup of innocuous packages to gain reputation, combined with delayed triggers, reflects a long-term strategy of infecting widely used open-source repositories.<\/p>\n<p>\u201cIt underscores North Korea&#8217;s asymmetrical approach of using a few very advanced cyber adversaries against much larger nation states,\u201d said Miracco. 
\u201cUnable to compete economically or militarily, this regime skillfully exploits interdependent global software ecosystems, where a handful of corrupted packages can deliver malware, and the associated chaos that goes with it, across millions of devices. The age of open source innocence is over. Private and public sectors must cooperate deeply on software assurance and provenance. Defeating North Korean supply chain exploits will require matching determination, cooperation, and collective urgency.\u201d<\/p>\n<p>Emily Phelps, director at Cyware, added that for more than a decade, Lazarus has been linked to several high-profile espionage campaigns and financially motivated cybercrimes. Phelps said ReversingLabs noted they have collected enough evidence to link these latest activities to the group, and while Lazarus has used a variety of malware families, some suggest they are slightly easier to track than others.<\/p>\n<p>\u201cThis does not make them any less dangerous,\u201d said Phelps. \u201cAdvanced persistent threats are challenging because they often have the resources to persist in their attacks. 
Still, organizations should maintain strong security hygiene, patch and update systems, conduct regular awareness training, maintain multiple backups of their files and systems, and develop strong threat intelligence and incident response programs.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":53515,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[10666],"class_list":["post-53514","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackergovernmentmalwarecyberwarnorth-korea"]}