A North Korean hacking group that is working under APT38

---

ZINC is an advanced persistent threat (APT) that has been active since at least 2017 and targets government, military, defense contractors, telecommunications companies, and other high-value organizations in Europe, the Middle East, Africa, Asia, Latin America, North America, Australia, New Zealand, and Oceania. ZINC is known for its sophisticated techniques such as spear phishing emails, watering hole attacks, exploitation of vulnerabilities, and use of malware like POWERSTATIC, SWEETOOTH, and WARHEAD to steal sensitive information from targeted organizations. The group has been linked to several high-profile cyber espionage campaigns such as Operation Cloud Hopper, which compromised over 40 companies in the technology sector worldwide. ZINC is considered a highly capable threat actor that poses significant risks to critical infrastructure and sensitive information systems around

Techniques, tactics and practices:

ZINC is an advanced persistent threat that uses a variety of sophisticated techniques to compromise its targets. Some of these include spear phishing emails, watering hole attacks, exploitation of vulnerabilities in software and systems, use of malware like POWERSTATIC, SWEETOOTH, and WARHEAD, as well as social engineering tactics such as impersonation and manipulation to gain access to sensitive information. ZINC is also known for its ability to maintain a persistent presence on compromised networks, using stealth techniques to avoid detection by security measures. Overall, the group\'s advanced capabilities make it a highly capable threat actor that poses significant risks to critical infrastructure and sensitive information systems around the world.