Microsoft discovers North Korean malware in legitimate CyberLink downloader

A supply chain attack originating in North Korea and Trojanized in an application installer from Taiwanese facial recognition provider CyberLink has overtones of a James Bond film.

According to a bulletin on the Microsoft Threat Intelligence blog, threat actors known as Diamond Sleet targeted foreign financial institutions on behalf of the Lazarus Group, a hacker agency for the DPRK. Malicious code embedded in the legitimate CyberLink application checks for the presence of specific security software. If the specified software …

application attack biometrics news blog cyberlink cybersecurity diamond diamond sleet downloader facial facial recognition film financial financial institutions installer institutions intelligence james korea malware microsoft microsoft threat intelligence north north korea north korean recognition sleet supply supply chain supply chain attack threat threat actors threat intelligence