Diamond Fleet

Threat Actor Profile Updated 3 months ago
Diamond Fleet, a threat actor believed to originate from North Korea, was identified by Microsoft's threat intelligence team as the entity behind a significant cyberattack campaign. Previously tracked as Zinc, the group has executed actions with malicious intent, compromised legitimate infrastructure, and delivered harmful payloads to targeted systems. The cybersecurity industry uses vendor-specific naming conventions for such entities, which can range from individual hackers to private companies or even parts of government bodies. Diamond Fleet's attacks are notable for their use of techniques such as PowerShell to download two malicious payloads from previously compromised legitimate infrastructure. These payloads include the ForestTiger backdoor, among others, demonstrating the actor's ability to exploit vulnerabilities and infiltrate systems undetected. This level of sophistication indicates a high degree of technical expertise and resources at the group's disposal. Microsoft's threat intelligence team publicly attributed the campaign to Diamond Fleet in a blog post dated November 22, 2023, reporting that the group had distributed a modified CyberLink installer through a supply chain compromise. This method shows the group's capability to manipulate trusted software, posing a significant risk to users who may unknowingly install malware-laden applications. Diamond Fleet therefore represents a serious cybersecurity threat that requires ongoing vigilance and robust defensive measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
ZINC | 1 | Zinc, also known as Diamond Sleet, is a North Korea-based threat actor group that has been actively involved in cyberattacks on global media, defense, and IT industries. Microsoft's Threat Intelligence Center has been tracking the group's activities, which have included weaponizing open-source softw
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Microsoft
Vulnerability
Backdoor
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Foresttiger | Unspecified | 1 | ForestTiger is a software vulnerability that has been exploited by threat actors, specifically Diamond Fleet, to compromise system security. The flaw in the software design or implementation has enabled the group to execute malicious activities, primarily through PowerShell scripts to download two p
Source Document References
Information about the Diamond Fleet threat actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 8 months ago | Security Week In Review: November 24, 2023
CERT-EU | 8 months ago | New North Korean supply chain attack spreads via malicious CyberLink app
CERT-EU | 9 months ago | North Korean State Actors Attack Critical Bug in TeamCity Server