Diamond Sleet

Threat Actor updated 7 days ago (2024-08-31T23:18:09.910Z)
Diamond Sleet is a North Korea-linked Advanced Persistent Threat (APT) group that has emerged as a significant threat actor. A threat actor, whether an individual, private company, or government body, is the entity responsible for executing actions with malicious intent. The group's operations are characterized by sophisticated tactics and techniques, demonstrating the capability to launch high-impact cyberattacks. The group recently executed a supply chain attack leveraging CyberLink software, as reported by securityaffairs.com. The specifics of the attack are not disclosed in the available information, but supply chain attacks typically involve compromising a less secure element of a network or software distribution chain to reach the primary target. CyberLink, a well-known multimedia software company, was abused in this instance, indicating Diamond Sleet's ability to compromise reputable software providers. Moreover, the FudModule rootkit has been associated with Diamond Sleet, further substantiating the group's connection to advanced cyberespionage activity. Rootkits like FudModule provide threat actors with privileged access to a system and often remain undetected for extended periods. This association underscores the severity of the threat posed by Diamond Sleet and its potential for extensive damage within targeted systems.
Description last updated: 2024-08-31T23:15:56.494Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Onyx Sleet | 4 | Onyx Sleet, also known as Andariel, DarkSeoul, Silent Chollima, and Stonefly/Clasiopa, is a threat actor associated with North Korea's state-sponsored cyber operations. This group operates under the Democratic People's Republic of Korea (DPRK)'s Reconnaissance General Bureau (RGB) 3rd Bureau, based
ZINC | 3 | Zinc, also known as Diamond Sleet, is a North Korea-based threat actor group that has been actively involved in cyberattacks on global media, defense, and IT industries. Microsoft's Threat Intelligence Center has been tracking the group's activities, which have included weaponizing open-source softw
Lazarus Group | 3 | The Lazarus Group, a notorious threat actor associated with North Korea, has been implicated in several high-profile cyber attacks and exploitation activities. The group's objective often involves establishing a kernel read/write primitive, which allows them to gain high-level access to systems and
Fudmodule | 3 | FudModule is a sophisticated malware associated with North Korea-linked cyberespionage groups, Lazarus (also known as Citrine Sleet, AppleJeus, Labyrinth Chollima, UNC4736, and Hidden Cobra) and Diamond Sleet. This data-only rootkit executes entirely from user space, employing direct kernel object m
HIDDEN COBRA | 2 | Hidden Cobra, also known as Lazarus Group, Kimsuky, KONNI, APT37, TEMP.Hermit, Sapphire Sleet, and Diamond Sleet, is a threat actor attributed to the North Korean government by the U.S. Government. Active since at least 2009, this group has been involved in various cyber espionage operations, destru
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Microsoft
TeamCity
APT
Malware
Espionage
Korean
Backdoor
Exploit
Vulnerability
Payload
Rootkit
Associated Threat Actors
ID | Type | Votes | Profile Description
Citrine Sleet | Unspecified | 2 | Citrine Sleet is a dangerous malware attributed to a North Korean threat actor, as reported by Microsoft in late August 2024. This malicious software is designed to exploit and damage computer systems, infiltrating them through suspicious downloads, emails, or websites, often unbeknownst to the user
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-42793 | has used | 6 | CVE-2023-42793 is a critical security vulnerability identified in the JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre
Foresttiger | Unspecified | 2 | ForestTiger is a software vulnerability that has been exploited by threat actors, specifically Diamond Sleet, to compromise system security. The flaw in the software design or implementation has enabled the group to execute malicious activities, primarily through PowerShell scripts to download two p
Source Document References
Information about the Diamond Sleet threat actor was drawn from the documents listed below. This display is limited to 20 results.
Source | Created | Title
DARKReading | 4 days ago | North Korean APT Exploits Novel Chromium, Windows Bugs to Steal Crypto
BankInfoSecurity | 5 days ago | North Korean Hackers Tied to Exploits of Chromium Zero-Day
Securityaffairs | 7 days ago | North Korea-linked APT Citrine Sleet exploit Chrome zero-day to deliver FudModule rootkit - Security Affairs
Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading | 3 months ago | Microsoft: 'Moonstone Sleet' APT Melds Espionage, Financial Goals
InfoSecurity-magazine | 3 months ago | New North Korean Hacking Group Identified by Microsoft
BankInfoSecurity | 3 months ago | Microsoft Warns of North Korea's 'Moonstone Sleet'
Securityaffairs | 3 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 4 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 4 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 5 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 5 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini