Diamond Fleet

Threat Actor updated 5 months ago (2024-05-04T19:04:43.894Z)
Diamond Fleet, a threat actor believed to originate from North Korea, has been identified by Microsoft's threat intelligence team as the entity behind a significant cyberattack campaign. Previously known as Zinc, this group has carried out malicious operations that compromise legitimate infrastructure and deliver harmful payloads to targeted systems. The cybersecurity industry often uses its own naming conventions for such entities, which can range from individual hackers to private companies or even parts of government entities.

Diamond Fleet's attacks have been particularly noteworthy for their use of sophisticated techniques, such as using PowerShell to download two malicious payloads from previously compromised legitimate infrastructure. These payloads include the ForestTiger Backdoor, among others, demonstrating the threat actor's ability to exploit vulnerabilities and infiltrate systems undetected. This level of sophistication indicates a high degree of technical expertise and resources at Diamond Fleet's disposal.

Microsoft's threat intelligence team publicly attributed the campaign to Diamond Fleet in a blog post dated November 22, 2023. They reported that Diamond Fleet had distributed a modified CyberLink installer through a supply chain compromise. This method of attack shows the group's capability to manipulate trusted software, posing a significant risk to users who may unknowingly install malware-laden applications. As such, Diamond Fleet represents a serious cybersecurity threat that requires ongoing vigilance and robust defensive measures.
Description last updated: 2023-11-29T08:15:04.876Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Diamond Fleet Threat Actor was read from the documents corpus below.