Lazarus Group Exploits Unpatched Zimbra Devices
WithSecure researchers spotted a new campaign, dubbed No Pineapple, by North Korean Lazarus hackers targeting energy and medical research sectors with the Acres RAT. Lazarus gains access to a flawed Zimbra mail server by abusing RCE flaws tracked as CVE-2022-27925 and CVE-2022-37042.