Trace Id is missing
Nation State Actor Diamond Sleet
A close-up of a planet
The actor Microsoft tracks as Diamond Sleet is a North Korea-based activity group known to target media, defense, and information technology (IT) industries globally. Diamond Sleet focuses on espionage, theft of personal and corporate data, financial gain, and corporate network destruction. Diamond Sleet is known to use a variety of custom malware that is exclusive to the group, the latest being LambLoad, ForestTiger, RollSling and ZetaNile. Diamond Sleet has also used social networking as the primary delivery vector, delivering spear phishing and drive-by compromises. The group has used zero-day exploits for elevation of privilege and remote code execution. Diamond Sleet is tracked by other security companies as Lazarus, Black Artemis, and Labyrinth Chollima.

Also known as:                                                                        Industries targeted:


Lazarus, Black Artemis, Labryinth Chollima, ZINC                  Media

Country of origin:                                                                  Defense


North Korea                                                                              Transportation         


Countries targeted:                                                                Financial   


South Korea                                                                              Education

United States                                                                            Government  

Microsoft Threat Intelligence: Recent Diamond Sleet Articles

ZINC attacks against security researchers

Cyberattacks targeting health care must stop

Ghost in the shell: Investigating web shell attacks

Follow Microsoft