- North Korea hackers infiltrated CyberLink to infect 400 million users via malware-laced software updates.
- Exploiting valid certificates, the attackers compromised CyberLink’s infrastructure to distribute malicious code undetected.
- Microsoft has notified affected parties, but the supply chain breach shows how exposed software users remain.
State-Sponsored Hackers Target CyberLink
North Korean state-sponsored hackers have compromised Taiwanese software developer CyberLink to distribute malware to its users as part of a supply chain attack.
According to Microsoft threat researchers, the attackers injected malicious code into legitimate CyberLink software updates distributed to over 100 victims across several countries.
The tainted updates were signed with a valid CyberLink certificate to avoid detection.
Popular Software Developer CyberLink Breached: 400 Million Users at Risk
CyberLink is known for multimedia and facial recognition programs like PowerDVD. The company has shipped over 400 million applications worldwide. By infiltrating CyberLink’s infrastructure, the hackers were able to access a vast pool of potential targets.
Microsoft attributes this attack to a North Korean group called Diamond Sleet with high confidence. Diamond Sleet has previously targeted IT, defence, and media organizations, focusing on cyber espionage and data theft.
CyberLink Hit by Hackers in Late October
The attack was first spotted in late October 2023 but may have started earlier. Microsoft has not yet observed direct hacking activity but notes that Diamond Sleet frequently attempts to establish persistent access to victim networks to steal data.
Microsoft has notified CyberLink of the compromise, but it is not yet known whether the company has taken action.
For now, Microsoft is warning its Defender clients who were affected and has blocked the hackers’ digital certificates.
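Because the tainted updates carried a valid CyberLink signature, a plain "is it signed?" check will not catch them; defenders instead need to compare the signer against the certificates that have since been blocked. The following PowerShell script is an added example (not code from the article, Microsoft or CyberLink) that walks the usual CyberLink install folders and flags files signed with a blocked certificate or whose signature no longer validates. The thumbprint and the folder paths are assumptions and placeholders; take the real thumbprint from the vendor or Microsoft advisory.

```powershell
# Added example: hunt for CyberLink binaries signed with a blocked certificate.
# PLACEHOLDER thumbprint: replace with the value published in the advisory.
$BlockedThumbprints = @(
    'PLACEHOLDER-THUMBPRINT-FROM-ADVISORY'
)

# Assumed install locations; adjust for your environment.
$SearchRoots = @(
    "$env:ProgramFiles\CyberLink",
    "${env:ProgramFiles(x86)}\CyberLink",
    "$env:ProgramData\CyberLink"
) | Where-Object { Test-Path $_ }

$findings = foreach ($root in $SearchRoots) {
    Get-ChildItem -Path $root -Recurse -Include *.exe, *.dll, *.msi -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig   = Get-AuthenticodeSignature -FilePath $_.FullName
            $thumb = $sig.SignerCertificate.Thumbprint

            # Two conditions are worth a look: the signer is on the block list, or the
            # signature no longer validates (Status is NotTrusted, HashMismatch, NotSigned, ...),
            # which is what a revoked or distrusted certificate produces after the fact.
            $blocked = $thumb -and ($BlockedThumbprints -contains $thumb)
            if ($blocked -or $sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Path        = $_.FullName
                    Status      = $sig.Status
                    Signer      = $sig.SignerCertificate.Subject
                    Thumbprint  = $thumb
                    BlockListed = [bool]$blocked
                    Modified    = $_.LastWriteTimeUtc
                }
            }
        }
}

# Most recently written files first: a freshly dropped update surfaces at the top.
$findings | Sort-Object Modified -Descending | Format-Table -AutoSize
```

Expect some noise from legitimately unsigned helper files; the rows to act on are those with BlockListed set to True or a Status of NotTrusted on a file that was modified around the October 2023 window.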
The supply chain breach illustrates how even reputable software vendors can be compromised by nation-state groups to cast a wider net for cyber espionage and surveillance.