North Korean Software Supply Chain Attack Hits North America, Asia 

November 24, 2023 at 07:36AM

A Taiwanese software company was breached by a North Korean threat group known as Diamond Sleet. The hackers manipulated a legitimate application installer to download and execute a malicious payload. Microsoft has detected their activity and provided indicators of compromise for detection. The threat actor is known for data theft …

North Korean Hackers Distribute Trojanized CyberLink Software in Supply Chain Attack

November 23, 2023 at 01:06AM

North Korean threat actor Diamond Sleet is using a trojanized version of a legitimate app developed by CyberLink in a supply chain attack. The poisoned file, hosted on CyberLink’s infrastructure, downloads a second-stage payload. The campaign has affected over 100 devices in Japan, Taiwan, Canada, and the U.S. Microsoft has …

Microsoft Warns of North Korean Attacks Exploiting TeamCity Flaw

October 19, 2023 at 03:21AM

North Korean threat actors are exploiting a security flaw in JetBrains TeamCity to breach vulnerable servers. The attacks are attributed to Diamond Sleet and Onyx Sleet, both part of the Lazarus Group. The attacks involve compromising TeamCity servers and deploying known implants or malicious DLLs. Microsoft observed the use of …