Diamond Fleet

Threat Actor Profile Updated 25 days ago
Diamond Fleet is a threat actor believed to originate from North Korea. Microsoft's threat intelligence team identified it as the entity behind a significant cyberattack campaign. Previously tracked as Zinc, the group has carried out malicious operations, compromised legitimate infrastructure, and delivered harmful payloads to targeted systems. The cybersecurity industry uses vendor-specific naming conventions for such entities, which can range from individual hackers to private companies or parts of government bodies.

Diamond Fleet's attacks are notable for their use of techniques such as PowerShell to download two malicious payloads from previously compromised legitimate infrastructure. These payloads include the ForestTiger backdoor, among others, demonstrating the actor's ability to exploit vulnerabilities and infiltrate systems undetected. This level of sophistication indicates a high degree of technical expertise and resources at the group's disposal.

Microsoft's threat intelligence team publicly attributed the campaign to Diamond Fleet in a blog post dated November 22, 2023, reporting that Diamond Fleet had distributed a modified CyberLink installer through a supply chain compromise. This method shows the group's capability to tamper with trusted software, posing a significant risk to users who may unknowingly install malware-laden applications. Diamond Fleet therefore represents a serious cybersecurity threat that requires ongoing vigilance and robust defensive measures.
Possible Aliases / Cluster overlaps
Tracking cluster overlaps and naming conventions between vendors is difficult, so listed here are possible overlapping names / profiles that may also be worth reviewing.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Diamond Fleet threat actor was read from the document corpus below. This display is limited to 20 results.

Source | Created at | Title
CERT-EU | 6 months ago | New North Korean supply chain attack spreads via malicious CyberLink app
CERT-EU | 7 months ago | North Korean State Actors Attack Critical Bug in TeamCity Server
CERT-EU | 6 months ago | Security Week In Review: November 24, 2023