Diamond Sleet

Threat Actor updated 3 days ago (2024-09-10T04:18:30.762Z)
Diamond Sleet, a threat actor linked to North Korea, has been identified as a significant cybersecurity concern. This group, also known as Selective Pisces, has targeted various sectors including media, defense, and IT organizations. The advanced persistent threat (APT) group is known for its supply chain attack methodology, specifically utilizing vulnerabilities in CyberLink software to infiltrate systems. The group's tactics include the deployment of FudModule, a rootkit shared with another APT group, Citrine Sleet. Once installed, this rootkit allows the attacker to operate at the kernel level of the system, making detection extremely difficult. It creates a challenging environment for security tools on the endpoint, potentially giving the attacker an upper hand. Microsoft has tracked Diamond Sleet's activities and noted shared infrastructure and tools between Diamond Sleet and Citrine Sleet. The analysis indicates a potential shared use of the FudModule malware between these threat actors. The association of the FudModule rootkit with Diamond Sleet further emphasizes the sophisticated cyberespionage capabilities of this North Korea-linked group.
Description last updated: 2024-09-10T03:19:29.076Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at. Each entry lists the profile ID, the vote count, and the profile description.

Onyx Sleet (4 votes): Onyx Sleet, also known as Andariel, DarkSeoul, Silent Chollima, and Stonefly/Clasiopa, is a North Korean state-sponsored cyber group associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju. This threat actor pri

ZINC (4 votes): Zinc, also known as Diamond Sleet, is a North Korea-based threat actor group that has been active since 2009. This group is notorious for its cyber-attacks aimed at collecting political, military, and economic intelligence on North Korea's foreign adversaries, and executing currency generation campa

Lazarus Group (3 votes): The Lazarus Group, also known as APT38, is a notorious threat actor believed to be backed by the North Korean regime. This group has been associated with several high-profile cyber attacks and thefts, including the infamous $600 million Ronin sidechain exploit in 2022. Known for their sophisticated

Fudmodule (3 votes): FudModule is a sophisticated malware associated with North Korea-linked cyberespionage groups, Lazarus (also known as Citrine Sleet, AppleJeus, Labyrinth Chollima, UNC4736, and Hidden Cobra) and Diamond Sleet. This data-only rootkit executes entirely from user space, employing direct kernel object m

HIDDEN COBRA (2 votes): Hidden Cobra, also known as Lazarus Group, TEMP.Hermit, and several other names, is a threat actor attributed to the North Korean government by the U.S. Government. The group has been involved in various malicious cyber activities, including cyberespionage, ransomware attacks, and destructive operat

temp.hermit (2 votes): Temp.Hermit, also known as Selective Pisces or Diamond Sleet, is a cyber threat actor linked to North Korea. This group has been active since 2013 and targets governments, defense, telecommunications, and financial services sectors with cyberespionage operations. Temp.Hermit's activities often overl
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Microsoft
TeamCity
Malware
Espionage
APT
Korean
Backdoor
Exploit
Vulnerability
Payload
Rootkit
Associated Threat Actors
Each entry lists the profile ID, the relationship type, the vote count, and the profile description.

Citrine Sleet (relationship: Unspecified; 2 votes): Citrine Sleet, also known as Gleaming Pisces, AppleJeus, Labyrinth Chollima, UNC4736, and Hidden Cobra, is a threat actor believed to be associated with North Korea's Reconnaissance General Bureau. This group has been implicated in a series of targeted cyberattacks against the cryptocurrency industr
Associated Vulnerabilities
Each entry lists the vulnerability ID, the relationship type, the vote count, and the profile description.

CVE-2023-42793 (relationship: has used; 6 votes): CVE-2023-42793 is a critical security vulnerability identified in the JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre

ForestTiger (relationship: Unspecified; 2 votes): ForestTiger is a software vulnerability that has been exploited by threat actors, specifically Diamond Sleet, to compromise system security. The flaw in the software design or implementation has enabled the group to execute malicious activities, primarily through PowerShell scripts to download two p
Source Document References
Information about the Diamond Sleet threat actor was read from the document corpus below. This display is limited to 20 results. Each entry lists the source, when it was added, and the document title.

Unit42 (3 days ago): Threat Assessment: North Korean Threat Groups
DARKReading (9 days ago): North Korean APT Exploits Novel Chromium, Windows Bugs to Steal Crypto
BankInfoSecurity (10 days ago): North Korean Hackers Tied to Exploits of Chromium Zero-Day
Securityaffairs (12 days ago): North Korea-linked APT Citrine Sleet exploit Chrome zero-day to deliver FudModule rootkit - Security Affairs
Securityaffairs (a month ago): SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs (a month ago): security-affairs-malware-newsletter-round-5
Securityaffairs (2 months ago): Security Affairs Malware Newsletter - Round 3
Securityaffairs (2 months ago): Security Affairs Malware Newsletter - Round 2
Securityaffairs (2 months ago): Security Affairs Malware Newsletter - Round 1
Securityaffairs (2 months ago): Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (3 months ago): Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (3 months ago): Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading (3 months ago): Microsoft: 'Moonstone Sleet' APT Melds Espionage, Financial Goals
InfoSecurity-magazine (3 months ago): New North Korean Hacking Group Identified by Microsoft
BankInfoSecurity (3 months ago): Microsoft Warns of North Korea's 'Moonstone Sleet'
Securityaffairs (4 months ago): Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (4 months ago): Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (4 months ago): Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (5 months ago): Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION