The actor Microsoft tracks as Diamond Sleet is a North Korea-based activity group known to target media, defense, and information technology (IT) industries globally. Diamond Sleet focuses on espionage, theft of personal and corporate data, financial gain, and corporate network destruction. Diamond Sleet is known to use a variety of custom malware that is exclusive to the group, the latest being LambLoad, ForestTiger, RollSling and ZetaNile. Diamond Sleet has also used social networking as the primary delivery vector, delivering spear phishing and drive-by compromises. The group has used zero-day exploits for elevation of privilege and remote code execution. Diamond Sleet is tracked by other security companies as Lazarus, Black Artemis, and Labyrinth Chollima.
Get insights straight from the experts on the Microsoft Threat Intelligence Podcast. Listen now.
Nation State Actor Diamond Sleet
Also known as: Industries targeted:
Lazarus, Black Artemis, Labryinth Chollima, ZINC Media
Country of origin: Defense
North Korea Healthcare
Countries targeted: Transportation
South Korea Financial
United States Education
Government
Follow Microsoft