North Korean Hackers Exploit CyberLink Software in Global Supply-Chain Attack

Malicious CyberLink Installer Targets Users Worldwide

North Korean state-backed hackers have launched a sophisticated supply-chain attack by distributing a trojanized version of a legitimate CyberLink application. The Taiwanese software developer, known for multimedia tools like PowerDVD and AI facial recognition technology, confirmed the compromise of one of its video editing apps, Promeo.

Key Details of the Attack

  • Attack Vector: Modified installer file hosted on CyberLink’s legitimate update infrastructure
  • Malware Identified: Microsoft tracks the threat as “LambLoad”
  • First Detected: Suspicious activity observed as early as October 20, 2023
  • Affected Devices: Over 100 systems across Japan, Taiwan, Canada, and the United States

Microsoft’s Findings and Attribution

Microsoft’s Threat Intelligence team reported that the malicious executable was signed with a valid CyberLink code signing certificate, so it passed signature checks like a genuine CyberLink release. Microsoft has since added this certificate to its disallowed certificate list so that files signed with it are no longer trusted.
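The lesson of this finding is that a valid Authenticode signature is not sufficient on its own; the signer must also be checked against the certificates a defender no longer trusts. The following PowerShell script is an added example, not code from the article or from Microsoft or CyberLink: it sweeps downloaded installers, records signature status and signer thumbprint, and flags any file whose signer is on a locally maintained disallow list. The function name `Test-InstallerSigner`, the variable `$DisallowedThumbprints` and the thumbprint value are assumptions; the thumbprint is a placeholder, not the real certificate's.

```powershell
# Added example (not from the article). Assumes a defender-maintained list of
# disallowed signer thumbprints; the entry below is a PLACEHOLDER, not the real
# thumbprint of the misused CyberLink certificate.
$DisallowedThumbprints = @(
    'PLACEHOLDER_THUMBPRINT_OF_DISALLOWED_CYBERLINK_CERT'
)

function Test-InstallerSigner {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Blocklist = $DisallowedThumbprints
    )
    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $cert    = $sig.SignerCertificate
    $thumb   = if ($cert) { $cert.Thumbprint } else { $null }
    $subject = if ($cert) { $cert.Subject }    else { '<unsigned>' }
    $sha256  = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    # 'Valid' only proves the file was signed with a key chaining to a trusted root.
    # In the CyberLink case that key was misused, so the signer itself must be
    # compared against the disallow list before the file is trusted.
    if ($sig.Status -ne 'Valid') {
        $verdict = "REJECT: signature status is $($sig.Status)"
    } elseif ($thumb -and ($Blocklist -contains $thumb)) {
        $verdict = 'REJECT: valid signature, but signer certificate is disallowed'
    } else {
        $verdict = 'OK: valid signature from a signer not on the disallow list'
    }

    [pscustomobject]@{
        File       = $Path
        Status     = $sig.Status
        Signer     = $subject
        Thumbprint = $thumb
        SHA256     = $sha256   # keep for correlation with vendor or MSRC hashes
        Verdict    = $verdict
    }
}

# Sweep the Downloads folder and show everything that is not 'OK' for review.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter '*.exe' -File |
    ForEach-Object { Test-InstallerSigner -Path $_.FullName } |
    Where-Object { $_.Verdict -notlike 'OK*' } |
    Format-Table -AutoSize
```

Run it in an elevated or standard PowerShell session on Windows; populate the disallow list from the vendor or Microsoft advisory rather than from the placeholder.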

Connection to North Korean Threat Actors

Microsoft attributes the attack with “high confidence” to Diamond Sleet, a North Korean hacking group linked to the infamous Lazarus collective. This group specializes in:

  • Corporate espionage
  • Financial theft
  • Network destruction
  • Supply-chain compromises

CyberLink’s Response and Security Measures

CyberLink spokesperson Melinda Ziemer stated that the company identified and removed the malware from Promeo’s installation file on November 11. The company implemented additional security protocols to prevent future incidents and confirmed no other applications were affected.

Ongoing Threats and Mitigation

While Microsoft hasn’t detected active hands-on-keyboard activity, Diamond Sleet typically:

  1. Steals sensitive data from compromised systems
  2. Infiltrates software development environments
  3. Moves laterally to exploit additional victims
  4. Establishes persistent access

Microsoft has notified affected Microsoft Defender for Endpoint customers and CyberLink about the compromise. The full extent of the attack’s impact remains under investigation.

Last Updated: November 29, 2023
