Microsoft: Lazarus hackers breach CyberLink in supply chain attack

Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide. According to Microsoft Threat Intelligence, activity suspected to be linked with the altered CyberLink installer file surfaced as early as October 20, 2023. Microsoft security experts have attributed this supply chain attack with high confidence to a North Korean cyberespionage group tracked by Redmond as Diamond Sleet. The second-stage payload observed while investigating this attack interacts with infrastructure that the same group of threat actors previously compromised. "Diamond Sleet utilized a legitimate code signing certificate issued to CyberLink Corp. to sign the malicious executable," the company said. "This certificate has been added to Microsoft's disallowed certificate list to protect customers from future malicious use of the certificate." Microsoft tracks the trojanized software and related payloads as LambLoad, a malware downloader and loader. If the criteria are met, the malware connects with one of three command-and-control servers to retrieve a second-stage payload concealed within a file posing as a PNG file using the static User-Agent 'Microsoft Internet Explorer. "The PNG file contains an embedded payload inside a fake outer PNG header that is, carved, decrypted, and launched in memory," Microsoft says. This is a common attack method used by the Lazarus North Korean threat actors, who are known for trojanizing legitimate cryptocurrency software to steal crypto assets. After detecting a supply chain attack, Microsoft informed CyberLink and is also notifying Microsoft Defender for Endpoint customers who were affected by the attack. Microsoft also reported the attack to GitHub, which removed the second-stage payload as per its Acceptable Use Policies. The Lazarus Group is a North Korean-sponsored hacking group that has been operating for more than ten years, since at least 2009. Known for targeting organizations worldwide, their operations have so far included attacks on financial institutions, media outlets, and government agencies. Lazarus has been linked to a wide range of malicious activities encompassing espionage, data breaches, and financial exploitation. The group is thought to be behind many high-profile cyber attacks, including the 2014 Sony Pictures hack, the WannaCry ransomware attack of 2017, and the largest crypto hack ever in 2022. Lazarus hackers breached dev repeatedly to deploy SIGNBT malware. BlueNoroff hackers backdoor Macs with new ObjCShellz malware. North Korean hackers exploit critical TeamCity flaw to breach networks. MATA malware framework exploits EDR in attacks on defense firms.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Microsoft: Lazarus hackers breach CyberLink in supply chain attack

Software Supply Chain Security Checklist - In the ever-evolving landscape of digital innovation, the integrity of software supply chains has become a pivotal cornerstone for organizational security. Software supply chain security is not just about protecting code - it's about safeguarding the ...
9 months ago Feeds.dzone.com
Microsoft: Lazarus hackers breach CyberLink in supply chain attack - Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide. According to Microsoft ...
11 months ago Bleepingcomputer.com
UK, ROK sound alarm over North Korean supply chain attacks The Register - The national cybersecurity organizations of the UK and the Republic of Korea have issued a joint advisory warning of an increased volume and sophistication of North Korean software supply chain attacks. "In an increasingly digital and interconnected ...
11 months ago Theregister.com
North Korean hackers exploit critical TeamCity flaw to breach networks - Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. In September, TeamCity fixed a critical ...
11 months ago Bleepingcomputer.com
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug - The new malware are two remote access trojans named NineRAT and DLRAT and a malware downloader named BottomLoader. The D programming language is rarely seen in cybercrime operations, so Lazarus probably chose it for new malware development to evade ...
10 months ago Bleepingcomputer.com
New "MITRE ATT&CK-like" framework outlines software supply chain attack TTPs - A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack ...
1 year ago Csoonline.com
Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus - In its continued efforts to crack down on North Korea's most formidable state-sponsored threat group, the US government has seized a virtual currency mixer that has been serving as the principal way the group launders money stolen from its ...
11 months ago Darkreading.com
Ledger Supply Chain Breach: $600,000 Theft Unveiled - Recent events have brought to light the Ledger supply chain breach, a cybercrime incident that led to the theft of $600,000 in virtual assets. For those who don't know, Ledger is a company that develops hardware and software-based cryptocurrency ...
10 months ago Securityboulevard.com
CISA Announces Renewal of the Information and Communications Technology Supply Chain Risk Management Task Force - The Task Force, chaired by CISA's National Risk Management Center and the Information Technology and Communications Sector Coordinating Councils, is a public-private partnership composed of a diverse range of representatives from public and private ...
9 months ago Cisa.gov
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
9 months ago Securityzap.com
Malware-laced JAVS Viewer deploys RustDoor implant in supply chain attack - MUST READ. Malware-laced JAVS Viewer deploys RustDoor implant in supply chain attack. Sweden's liquor supply severely impacted by ransomware attack on logistics company. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors ...
5 months ago Securityaffairs.com
Securing the Supply Chain - Before a supply chain can be improved, it must be understood. Rather than attacking one target, it is more effective to manipulate the supply chain to gain access to multiple targets. The 2013 Target breach was an example of a supply chain attack, as ...
1 year ago Securityweek.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
10 months ago Securityboulevard.com
CISA orders agencies impacted by Microsoft hack to mitigate risks - CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. It requires them to investigate potentially ...
6 months ago Bleepingcomputer.com
North Korean Hackers' $12M Ethereum Laundering Via Tornado Cash Unveiled - It has been reported that North Korean hackers associated with the Lazarus Group have exploited Tornado Cash in a recent development to launder approximately $12 million worth of stolen Ethereum in the last 24 hours, using the coin mix-up service ...
7 months ago Cysecurity.news
SCS 9001 2.0 reveals enhanced controls for global supply chains - In this Help Net Security interview, Mike Regan, VP of Business Performance at TIA, discusses SCS 9001 Release 2.0, a certifiable standard crafted to assist organizations in operationalizing the NIST and other government guidelines and frameworks. ...
10 months ago Helpnetsecurity.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
11 months ago Microsoft.com
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
9 months ago Bleepingcomputer.com
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
9 months ago Bleepingcomputer.com
Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack - On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository. We immediately notified the WordPress Plugin's Team and they removed the ...
4 months ago Wordfence.com
How AI could bolster software supply chain security - SAN FRANCISCO - While supply chain risks remain prevalent across enterprises of all sizes, Synopsys' Tim Mackey said AI tools will enable developers more than attackers - at least for now. Supply chain security was a significant topic that speakers ...
5 months ago Techtarget.com
Ledger dApp supply chain attack steals $600K from crypto wallets - Ledger is warnings users not to use web3 dApps after a supply chain attack on the 'Ledger dApp Connect Kit' library was found pushing a JavaScript wallet drainer that stole $600,000 in crypto and NFTs. Ledger is a hardware wallet that lets users buy, ...
10 months ago Bleepingcomputer.com
Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator - The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected anywhere from 100,000 to tens of millions of websites has been traced to a common operator, according to ...
4 months ago Bleepingcomputer.com
HPE: Russian hackers breached its security team's email accounts - Hewlett Packard Enterprise disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. Midnight ...
9 months ago Bleepingcomputer.com
North Korean Hackers Developing Malware in Dlang Programming Language - The North Korea-linked hacking group Lazarus has been observed deploying Dlang malware in attacks against organizations in the manufacturing, agriculture, and physical security sectors, Cisco's Talos security researchers report. Released in 2001, ...
10 months ago Packetstormsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)