Diamond Sleet

Threat Actor Profile Updated 2 days ago
Diamond Sleet is a North Korea-linked Advanced Persistent Threat (APT) group implicated in numerous cyberattacks. A threat actor in this sense may be an individual, a private company, or part of a government entity; what defines it is that it acts with malicious intent. The group has demonstrated its capabilities through sophisticated supply chain attacks, specifically targeting CyberLink, a popular multimedia and creativity software provider. In October 2023, Diamond Sleet exploited the TeamCity vulnerability CVE-2023-42793 to compromise hundreds of victims across various industries; affected regions included the United States and several European countries such as the United Kingdom, Denmark, Ireland, and Germany. This event underlined the group's advanced technical proficiency and its ability to infiltrate systems at scale. The cybersecurity industry needs to pay close attention to Diamond Sleet's activities because of their potential for widespread disruption and damage, and the group's use of CyberLink software as the vector for its supply chain attacks highlights the need for robust security measures within software supply chains. As Diamond Sleet continues to operate, it underscores the persistent threat posed by state-sponsored cyber actors and the importance of continuous vigilance and proactive cybersecurity strategies.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so listed here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Onyx Sleet | 4 | Onyx Sleet, a North Korean nation-state threat actor, has been identified as a significant cybersecurity risk by Microsoft. Operating under the Lazarus Group umbrella, Onyx Sleet primarily targets defense and IT services organizations in South Korea, the United States, and India. In October 2023, Mi
ZINC | 3 | Zinc, also known as Diamond Sleet, is a North Korea-based threat actor group that has been actively involved in cyberattacks on global media, defense, and IT industries. Microsoft's Threat Intelligence Center has been tracking the group's activities, which have included weaponizing open-source softw
Lazarus Group | 2 | The Lazarus Group, a notorious threat actor associated with North Korea, has been implicated in a series of sophisticated cyber-attacks and illegal activities. The group is known for its exploitation activities aimed at establishing kernel read/write primitives. A notable attack orchestrated by the
HIDDEN COBRA | 2 | Hidden Cobra, also known as the Lazarus Group and Sapphire Sleet, is a North Korean cyberespionage group that has been active since at least 2009. The U.S. Government uses the term Hidden Cobra to refer to malicious cyber activities by the North Korean government, with the BeagleBoyz representing a
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Microsoft
Teamcity
Espionage
Apt
Exploit
Vulnerability
Payload
Korean
Backdoor
Malware
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-42793 | has used | 6 | CVE-2023-42793 is a critical security vulnerability identified in JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre
Foresttiger | Unspecified | 2 | ForestTiger is a software vulnerability that has been exploited by threat actors, specifically Diamond Sleet, to compromise system security. The flaw in the software design or implementation has enabled the group to execute malicious activities, primarily through PowerShell scripts to download two p
Source Document References
Information about the Diamond Sleet Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 6 months ago | Diamond Sleet supply chain compromise distributes a modified CyberLink installer (Microsoft Security Blog)
Securityaffairs | 2 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini
CERT-EU | a year ago | Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware
CERT-EU | 9 months ago | North Korea ramps up intelligence-gathering cyberattacks
Securityaffairs | 5 months ago | Security Affairs newsletter Round 453 by Pierluigi Paganini
CERT-EU | 3 months ago | JetBrains patches new TeamCity authentication bypass bugs
BankInfoSecurity | 7 months ago | North Korean Hackers Exploiting Critical Flaw in DevOps Tool
CERT-EU | 7 months ago | North Korean Hackers Exploiting Recent TeamCity Vulnerability
Securityaffairs | 3 months ago | Security Affairs newsletter Round 461 by Pierluigi Paganini
Securityaffairs | 6 months ago | Security Affairs newsletter Round 447 by Pierluigi Paganini
Securityaffairs | 6 months ago | Security Affairs newsletter Round 449 by Pierluigi Paganini
CERT-EU | 7 months ago | North Korean State Actors Attack Critical Bug in TeamCity Server
Securityaffairs | 23 days ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs | 5 months ago | Security Affairs newsletter Round 452 by Pierluigi Paganini
Securityaffairs | 2 days ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
CERT-EU | 7 months ago | Cyber Security Week in Review: October 20, 2023
Securityaffairs | 4 months ago | Security Affairs newsletter Round 456 by Pierluigi Paganini