North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign

A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems.
That's according to Finnish cybersecurity company WithSecure (formerly F-Secure), which codenamed the incident No Pineapple.
Targets of the malicious operation included a healthcare research organization

campaign compromise cybersecurity cybersecurity company devices exploit flaws f-secure gathering hackers healthcare incident intelligence intelligence gathering lazarus lazarus group malicious north north korean north korean hackers organization research security security flaws sponsored state systems unpatched victim withsecure zimbra