Targeting of CyberLink customers in supply-chain attack

Affiliations

Lazarus Group

Lazarus Group compromised Taiwanese software provider CyberLink’s network and embedded malicious code in an update of CyberLink’s Promeo software. The attack appeared aimed at compromising the networks of CyberLink customers, including critical government, financial, and defense systems in countries including the United States, Canada, Japan, and Taiwan.

Suspected victims

Users of CyberLink’s Promeo software

Suspected state sponsor

Korea (Democratic People's Republic of)

Target category

Government
Private sector

Victim government reaction

Unknown

Policy response

Unknown

Suspected state sponsor response

Unknown

Diamond Sleet supply chain compromise distributes a modified CyberLink installer
UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events