November 22, 2023 By Sergiu Gatlan
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide.
According to Microsoft Threat Intelligence, activity suspected to be linked with the altered CyberLink installer file surfaced as early as October 20, 2023.
This trojanized installer was hosted on legitimate CyberLink update infrastructure owned and has so far been detected on more than 100 devices worldwide, including in Japan, Taiwan, Canada, and the United States.
Microsoft this supply chain attack with high confidence to a North Korean cyberespionage group tracked by Redmond as Diamond Sleet (aka ZINC, Labyrinth Chollima, and Lazarus).
