Top #cybersecurity resource for Friday, Nov 24, 2023: Diamond Sleet supply chain compromise distributes a modified CyberLink installer | from Microsoft Threat Intelligence
- TL;DR: Supply chain attack by North Korean threat actor Diamond Sleet (ZINC) discovered; impacted over 100 devices in multiple countries; Microsoft takes action to protect customers and provides recommendations for mitigation and detection.
Diamond Sleet supply chain compromise distributes a modified CyberLink installer | Microsoft Security Blog
Microsoft has uncovered a supply chain attack by the threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp. This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code that downloads, decrypts, and loads a second-stage payload. The file, which was signed using a valid certificate issued to CyberLink Corp., is hosted on legitimate update infrastructure owned by the organization.