The Lazarus group, also known as ZINC and Labyrinth Chollima, has hacked Taiwanese multimedia software company CyberLink and inserted harmful code into one of the CyberLink installers. Microsoft claims that Lazarus, which has been targeting foreign companies for over 10 years as a form of cyberespionage, is behind the attack. The group uses software called LambLoad to download malware, which is hidden inside a PNG file. Microsoft claims this method is used only by Lazarus and is often used to attack cryptocurrency sites.
The largest cryptocurrency cyberattack in history occurred in 2022, when digital assets worth $2 billion were stolen from the Ronin Network blockchain. Microsoft has not yet found any evidence of hacker activity on infected computers. However, Lazarus uses its software to spy on other computers, and its hackers stay in a system for a long time after breaking in. This access is likely to be used to gather useful information and prepare for future attacks.
Lazarus and two other North Korean hacking groups, Bluenoroff and Andariel, have been hit with sanctions by the US government. Anyone with knowledge about their actions can now receive a reward of up to $5 million. Microsoft informed CyberLink that its system had been hacked and helped the company fix the vulnerability used in the current attack. Users protected by Defender were also sent alerts about the threat. It is unclear whether the hackers were able to obtain private information or harm CyberLink or its users, but given the severity of the event, the results could be very bad.