Threat Intelligence, Malware

Trojanized CyberLink installer used in global Lazarus supply chain attack

Share

North Korea's Lazarus Group, also known as Diamond Sleet, has been leveraging a trojanized CyberLink app installer to facilitate the distribution of LambLoad malware in a new supply chain attack, according to SiliconAngle. Organizations without CrowdStrike, FireEye, and Tanium security software within their corporate environments are the primary targets of LambLoad, which performs system date and time monitoring prior to the execution of malicious activities, according to a Microsoft Threat Intelligence report. Meanwhile, over 100 devices in the U.S., Canada, Japan, Taiwan, and other countries have been compromised with the malicious CyberLink installer since late October, indicating a significant threat of data theft and downstream intrusions even though no hands-on-keyboard activity after compromise has been recorded. Such a severe threat has prompted Microsoft to urge the removal of the second-stage payload in GitHub, update its disallowed list to include the hijacked CyberLink certificate, and issue Defender for Endpoint and Defender Antivirus updates to counter the attack.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.