Diamond Sleet supply chain compromise distributes a modified CyberLink installer [Thursday, November 23, 2023]


Description :
Researchers uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp., a software company that develops multimedia software products. This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code that downloads, decrypts, and loads a second-stage payload. The file, which was signed using a valid certificate issued to CyberLink Corp., is hosted on legitimate update infrastructure owned by CyberLink and includes checks to limit the time window for execution and evade detection by security products.

Published :
2023-11-23T08:17:56.230Z

Created :
2023-11-23T08:17:56.230Z

Modified :
2023-11-23T08:28:47.547Z

Tags

  • zinc
  • supply chain attack
  • diamond sleet
  • lambload
  • cyberlink

Indicators

URLs :
  • https://zeduzeventos.busqueabuse.com/wpadmin/js/widgets/sub/wids.php
  • https://www.webville.net/images/CL202966126.png
  • https://mantis.jancom.pl/bluemantis/image/addon/addin.php
Hashes :
  • 166d1a6ddcde4e859a89c2c825cd3c8c953a86bfa92b343de7e5bfbfb5afb8be
  • 915c2495e03ff7408f11a2a197f23344004c533ff87db4b807cc937f80c217a1
  • 089573b3a1167f387dcdad5e014a5132e998b2c89bff29bcf8b06dd497d4e63d
Attack Patterns :
  • T1530
  • T1003
  • T1027
  • T1140

About the author
Julien B.

Securitricks
