Image Credits: Chris Jung/NurPhoto / Getty Images
North Korean state-backed hackers are distributing a malicious version of a legitimate software application developed by CyberLink, a Taiwanese software maker, to target downstream customers.
Microsoft's Threat Intelligence team said on Wednesday that North Korean hackers had compromised CyberLink to distribute a modified installer file from the company as part of a wide-reaching supply-chain attack.
CyberLink is a software company headquartered in Taiwan that develops multimedia software, such as PowerDVD, and AI facial recognition technology. According to the company's website, CyberLink owns more than 200 patented technologies and has shipped more than 400 million apps worldwide.
CyberLink spokesperson Melinda Ziemer told TechCrunch that the company identified a "malware issue" in the installation file for one of its apps, a video editing program called Promeo, on November 11. "Upon discovery, our dedicated cybersecurity team immediately removed the bug and additional security measures were put in place to prevent this from happening again in the future," Ziemer said, noting that none of the company's other applications are impacted.
Microsoft said it observed suspicious activity associated with the modified CyberLink installer, tracked by the company as "LambLoad," as early as October 20, 2023. It has so far detected the trojanized installer on more than 100 devices in multiple countries, including Japan, Taiwan, Canada and the United States.
The file is hosted on legitimate update infrastructure owned by CyberLink, according to Microsoft, and the attackers used a legitimate code signing certificate issued to CyberLink to sign the malicious executable, so the installer carried a valid signature from a trusted vendor. "This certificate has been added to Microsoft's disallowed certificate list to protect customers from future malicious use of the certificate," said Microsoft's Threat Intelligence team.
The company noted that a second-stage payload observed in this campaign interacts with infrastructure previously compromised by the same group of threat actors.
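The practical lesson of the paragraph above is that a valid Authenticode signature from a known vendor is not, by itself, evidence that an installer is clean: the signing key can be misused, and the certificate is only blocked once a deny list reaches the machine. The PowerShell script below is an added example written for this page, not code from CyberLink, Microsoft or TechCrunch. It walks a folder of installers and reports, for each one, the signature status, the signer, the certificate thumbprint and the SHA-256 hash, and flags any file whose signer thumbprint or hash appears in a local deny list. The `$BlockedThumbprints` and `$KnownBadHashes` values are placeholders, as is the default `-Path`; populate them from Microsoft's disallowed certificate list and published indicators, none of which are reproduced here.

```powershell
# Added example (not CyberLink's or Microsoft's code): audit signed installers
# against a local deny list of signer thumbprints and file hashes.
# All list entries and the default path are placeholders, not real indicators.
param(
    [string]$Path = "C:\Downloads\Installers"   # assumed folder of installers
)

$BlockedThumbprints = @(
    "0000000000000000000000000000000000000000"                          # placeholder
)
$KnownBadHashes = @(
    "0000000000000000000000000000000000000000000000000000000000000000"  # placeholder
)

Get-ChildItem -Path $Path -Include *.exe, *.msi -Recurse -File | ForEach-Object {
    $sig   = Get-AuthenticodeSignature -FilePath $_.FullName
    $hash  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    $thumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }

    # Order matters: a known-bad hash or a denied signer overrides a "Valid" status,
    # because the status only reflects the trust state this machine currently holds.
    if ($KnownBadHashes -contains $hash) {
        $verdict = "BLOCK: file hash is a known indicator"
    }
    elseif ($thumb -and ($BlockedThumbprints -contains $thumb)) {
        $verdict = "BLOCK: signer certificate is on the local deny list"
    }
    elseif ($sig.Status -ne "Valid") {
        $verdict = "REVIEW: signature status is $($sig.Status)"
    }
    else {
        $verdict = "OK: valid signature, signer and hash not on the local deny list"
    }

    [pscustomobject]@{
        File       = $_.Name
        Status     = $sig.Status
        Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { "(unsigned)" }
        Thumbprint = $thumb
        SHA256     = $hash
        Verdict    = $verdict
    }
}
```

Run it as `.\Audit-Installers.ps1 -Path <folder>` (any script name works) and pipe the output to `Format-Table` or `Export-Csv` for review. The deny-list checks come before the status check on purpose: until the disallowed-certificate update has been applied on a given host, `Get-AuthenticodeSignature` will still report the abused certificate as `Valid`, which is exactly the condition the LambLoad installer relied on.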
Microsoft has attributed this attack with "high confidence" to a group it tracks as Diamond Sleet, a North Korean nation-state actor linked to the notorious Lazarus hacking group. This group has been observed targeting organizations in information technology, defense and media, and it focuses predominantly on espionage, financial gain and corporate network destruction, according to Microsoft.
Microsoft said it has yet to detect hands-on-keyboard activity but noted that Diamond Sleet attackers commonly steal data from compromised systems, infiltrate software build environments, progress downstream to exploit further victims and attempt to gain persistent access to victims' environments.
Microsoft said it notified CyberLink of the supply-chain compromise but did not say whether it had received a reply or whether CyberLink had taken any action in light of the company's findings. Microsoft is also notifying Microsoft Defender for Endpoint customers who were affected by the attack.
UPDATE, Nov. 29, 11:00 a.m. ET: This article has been updated with comment from CyberLink.