What’s going on?
The term weaponization comes from the word weapon. It is the process by which something initially harmless is transformed into a dangerous weapon. In this case, the harmless items are open-source tools, which attackers infect with Trojan malware and use for their own benefit.
This is a further development of the "Operation Dream Job" campaign, which targets job seekers who respond to fraudulent job offers shared on LinkedIn. People who respond to such a job offer receive a file that looks harmless at first glance but is infected with a harmful virus.
According to Microsoft, the North Korean hacker group Zinc, sometimes referred to as Labyrinth Chollima or Lazarus, which has been operating since 2009, is most likely behind these attacks. Zinc uses many open-source tools for attacks, including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording software installer.
The Zinc group's attacks mentioned above are motivated by cyberespionage, the prospect of financial gain, or an attempt to steal personal or company data, or they seek to destroy the network of the targeted organization.