Wednesday, November 29, 2023

Diamond Sleet supply chain compromise distributes a modified CyberLink installer

The "Diamond Sleet" supply chain compromise is a sophisticated cyber attack attributed to a North Korea-based threat actor that is also tracked as ZINC and widely known as the Lazarus Group. The attack relies on a maliciously modified version of a legitimate software installer developed by CyberLink Corp., a company specializing in multimedia software products.

Microsoft Threat Intelligence uncovered this supply chain attack and reported that the compromised CyberLink installer is being used to distribute the LambLoad malware. This malware is part of a broader strategy employed by the Lazarus Group to infiltrate and compromise systems globally. The modified installer acts as a conduit for the malware, exploiting the trust placed in legitimate software to gain unauthorized access to systems and networks.

The Lazarus Group, well known in the cybersecurity industry, has a history of conducting sophisticated cyber attacks. This recent supply chain compromise against CyberLink users underlines the group's continued focus on exploiting vulnerabilities in widely used software to facilitate its malicious objectives, including espionage, data theft, and other cybercrimes. The attack not only highlights the evolving tactics of advanced threat actors but also underscores the importance of stringent security measures in software supply chains.


REFERENCES

  • https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/
  • https://www.scmagazine.com/brief/trojanized-cyberlink-installer-used-in-global-lazarus-supply-chain-attack
  • https://siliconangle.com/2023/11/22/cyberlink-targeted-supply-chain-attack-infamous-lazarus-hacking-group/
  • https://otx.alienvault.com/pulse/655f0ab585a20bff0cac8b7c


TAGS

  • diamond sleet, lambload, zinc, supply chain attack, cyberlink
