Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Supply Chain Security

North Korean Software Supply Chain Attack Hits North America, Asia 

North Korean hackers breached a Taiwanese company and used its systems to deliver malware to the US, Canada, Japan and Taiwan in a supply chain attack.

Supply chain attack

A North Korean threat group breached a Taiwanese software company and leveraged its systems to deliver malware to devices in North America and Asia, Microsoft reported this week.

The threat actor is tracked by the tech giant as Diamond Sleet (Zinc). Previously described as a sub-group of the notorious Lazarus, the hacker gang has been conducting attacks for data theft, espionage, destruction and financial gain. In the past, it was observed targeting security researchers, penetration testers, and cybersecurity and tech company employees. 

Microsoft discovered recently that Diamond Sleet had targeted CyberLink Corp, a Taiwan-based software company specializing in audio, video and photo editing applications. 

The hackers compromised the company’s systems and modified a legitimate application installer. They added malicious code designed to download, decrypt and load a second-stage payload. 

The malicious version of the installer was signed with a valid CyberLink certificate and hosted on legitimate update infrastructure.

Microsoft started seeing activity related to this malicious installer on October 20, with the file reaching more than 100 devices in Japan, Taiwan, Canada and the United States. 

The company tracks the malware as LambLoad. The threat is designed to check the compromised host for the presence of security software from CrowdStrike, FireEye and Tanium before executing malicious code — only the legitimate CyberLink application is run if such security products are detected. 

Microsoft has not seen any hands-on-keyboard activity as part of this campaign, but noted that the threat actor is known to steal sensitive data from victims, compromise software build environments, move downstream to other victims, and establish persistent access. 

Advertisement. Scroll to continue reading.

Microsoft has made available indicators of compromise (IoCs) to help defenders detect Diamond Sleet activity on their network. 

Related: North Korean Hackers Exploiting Recent TeamCity Vulnerability

Related: US, South Korea: Ransomware Attacks Fund North Korea’s Cyber Operations

Related: US Sanctions North Korean University for Training Hackers

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

Supply Chain Security

SBOMs can be used for managing risk and determining vulnerability impact, but it’s very hard to build holistic risk models when the data is...

Supply Chain Security

Security researchers with NCC Group have documented 11 vulnerabilities impacting Nuki smart lock products, including issues that could allow attackers to open doors.Nuki offers...

Application Security

Enterprise communication and collaboration platform Slack has informed customers that hackers have stolen some of its private source code repositories, but claims impact is...

Government

Companies have announced securing billions of dollars in cybersecurity-related contracts with the United States government in 2022.

Artificial Intelligence

Exposed data includes backup of employees workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.