Microsoft’s Threat Intelligence team alleged on Wednesday that hackers backed by North Korea have been spreading a malicious application to downstream customers. The application originates from a Taiwanese software developer who created it using CyberLink. The hackers stand accused of modifying an application and planning a wide supply chain attack.
CyberLink, a Taiwanese software company, has developed various multimedia software, including PowerDVD and AI face recognition technology. The company asserts on its official webpage that it has provided over 400 million apps globally.
Microsoft states that it noticed certain suspicions in its modified installer, named “LambLoad,” on October 20, 2023. So far, the company has found the installer operating in various countries worldwide, including Japan, Taiwan, Canada, and the United States.
The hackers obtained a CyberLink certificate using a specific code. The Microsoft Threat Intelligence team revealed that “This certificate has been added to Microsoft’s disallowed certificate list to protect customers from future malicious use of the certificate.”
Microsoft identifies the hacker group as Diamond Sleet, a North Korean state group previously linked to the malicious Lazarus hacking group. The group allegedly targets companies dealing with information technology, media, and defense, with a focus on destroying corporate networks and generating revenue.
Microsoft has informed CyberLink about the breach, but it is uncertain about the actions CyberLink will take.
