Diamond Sleet supply chain compromise distributes a modified CyberLink installer

2023-11-22 Microsoft

https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/


Microsoft attributes a supply-chain compromise of CyberLink software to Diamond Sleet, a North Korea-based actor also tracked as ZINC, Temp.Hermit, and Labyrinth Chollima. The malicious file is a legitimate CyberLink application installer, signed with a valid certificate issued to CyberLink Corp. and hosted on CyberLink's own update infrastructure, that was modified to include code which downloads, decrypts, and loads a second-stage payload. Microsoft tracks this modified installer as LambLoad and first observed related activity on October 20, 2023; by publication it had seen impact on more than 100 devices in several countries, including Japan, Taiwan, Canada, and the United States.

Before fetching anything, LambLoad checks that it is running inside a predefined time window and that no FireEye, CrowdStrike, or Tanium process is present; if either check fails it simply lets the legitimate CyberLink installer run. Otherwise it requests a file disguised as a PNG image from one of three hosts (i.stack.imgur.com, www.webville.net, or cldownloader.github.io) using the static User-Agent "Microsoft Internet Explorer", locates and decrypts the executable embedded in that file, and runs it in memory. The second-stage payload communicates with infrastructure previously compromised by Diamond Sleet. The case matters because it shows a DPRK actor abusing a trusted vendor's software, code-signing certificate, and update channel to reach the media, defense, and IT organizations the group typically targets.

Indicators of Compromise

Type     Value                               First Seen   Last Seen
HASH     0a08d3601636378f0a7d64fd09e4a13b    2023-11-22   2023-11-22
HASH     915c2495e03ff7408f11a2a197f2334…    2023-11-22   2023-11-22
HASH     166d1a6ddcde4e859a89c2c825cd3c8…    2023-11-22   2023-11-22
HASH     8aa3877ab68ba56dabc2f2802e813dc…    2023-11-22   2023-11-22
HASH     089573b3a1167f387dcdad5e014a513…    2023-11-22   2023-11-22
URL      https://cldownloader.github.io/…    2023-11-22   2023-11-22
URL      https://mantis.jancom.pl/bluema…    2023-11-22   2023-11-22
URL      https://i.stack.imgur.com/NDTUM…    2023-11-22   2023-11-22
URL      https://zeduzeventos.busqueabus…    2023-11-22   2023-11-22
URL      https://www.webville.net/images…    2023-11-22   2023-11-22
URL      https://zeduzeventos.busqueabus…    2023-11-22   2023-11-22
URL      https://update.cyberlink.com/Re…    2023-11-22   2023-11-22
URL      https://update.cyberlink.com/Re…    2023-11-22   2023-11-22
DOMAIN   cldownloader.github.io              2023-11-22   2023-11-22
DOMAIN   update.cyberlink.com                2023-11-22   2023-11-22
DOMAIN   zeduzeventos.busqueabuse.com        2023-11-22   2023-11-22
DOMAIN   mantis.jancom.pl                    2023-11-22   2023-11-22
DOMAIN   i.stack.imgur.com                   2023-11-22   2023-11-22
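The script below is an added hunting example, not code from Microsoft's report or from this page. It takes the domains and the one complete hash from the table above plus the static User-Agent the report attributes to LambLoad, runs them over a few constructed proxy log lines, and then inspects a constructed "PNG" download for signs of an appended executable. The proxy log layout, the request paths, and the PNG-followed-by-PE sample layout are assumptions made here so the example runs offline; the real second stage is encrypted, so the structural check after IEND is the more robust of the two file checks.

```python
"""Hunting helpers for the Diamond Sleet / CyberLink (LambLoad) campaign.

Added illustrative code, not from Microsoft's report or this page. Domain and
hash values come from the indicator table above; the proxy log format, request
paths and the PNG-plus-PE sample layout are assumptions constructed here.
"""
import hashlib
import re
import struct
import zlib
from urllib.parse import urlparse

# Domains listed on this page. update.cyberlink.com is CyberLink's legitimate
# update host, so a hit there only matters together with the downloaded file's hash.
IOC_DOMAINS = {
    "cldownloader.github.io",
    "update.cyberlink.com",
    "zeduzeventos.busqueabuse.com",
    "mantis.jancom.pl",
    "i.stack.imgur.com",
}
IOC_MD5 = {"0a08d3601636378f0a7d64fd09e4a13b"}   # only complete hash on this page
LAMBLOAD_UA = "Microsoft Internet Explorer"       # static UA per the report
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

# Assumed proxy log layout: <timestamp> <client> <method> <url> "<user-agent>"
PROXY_LINE = re.compile(r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "(?P<ua>[^"]*)"$')

# Constructed sample log: paths are invented, only the hosts are real indicators.
SAMPLE_PROXY_LOG = """\
2023-11-21T09:14:02Z 10.0.5.23 GET https://update.cyberlink.com/constructed/Setup.exe "CyberLink Updater"
2023-11-21T09:15:40Z 10.0.5.23 GET https://i.stack.imgur.com/constructed.png "Microsoft Internet Explorer"
2023-11-21T09:16:01Z 10.0.5.23 GET https://www.webville.net/images/constructed.png "Microsoft Internet Explorer"
2023-11-21T09:20:13Z 10.0.7.8 GET https://example.org/index.html "Mozilla/5.0"
"""


def hunt_proxy_log(text):
    """Return one dict per line that touches an IoC host and/or carries the static LambLoad UA."""
    hits = []
    for line in text.splitlines():
        m = PROXY_LINE.match(line)
        if not m:
            continue
        host = (urlparse(m["url"]).hostname or "").lower()
        reasons = []
        if host in IOC_DOMAINS:
            reasons.append("ioc_domain")
        if m["ua"] == LAMBLOAD_UA:
            reasons.append("static_ua")
        if reasons:
            hits.append({"ts": m["ts"], "src": m["src"], "host": host, "reasons": reasons})
    return hits


def is_known_sample(data):
    """True when the MD5 of a downloaded file matches a hash from the table."""
    return hashlib.md5(data).hexdigest() in IOC_MD5


def find_embedded_pe(data):
    """Offset of an unencrypted MZ/PE header behind a PNG signature, or -1.

    Generic check (the real layout is not on this page): PNG magic up front,
    then an MZ header whose e_lfanew field points at a "PE\\0\\0" signature.
    """
    if not data.startswith(PNG_MAGIC):
        return -1
    pos = data.find(b"MZ", len(PNG_MAGIC))
    while pos != -1:
        if pos + 0x40 <= len(data):
            pe = pos + struct.unpack_from("<I", data, pos + 0x3C)[0]
            if pe + 4 <= len(data) and data[pe:pe + 4] == b"PE\0\0":
                return pos
        pos = data.find(b"MZ", pos + 1)
    return -1


def bytes_after_iend(data):
    """Walk the PNG chunk list; return how many bytes trail IEND (-1 if not a parseable PNG).

    An encrypted payload defeats the MZ scan, but anything appended after the
    IEND chunk is still visible to this structural check.
    """
    if not data.startswith(PNG_MAGIC):
        return -1
    pos = len(PNG_MAGIC)
    while pos + 8 <= len(data):
        length = struct.unpack_from(">I", data, pos)[0]
        ctype = data[pos + 4:pos + 8]
        pos += 12 + length            # length field + type + body + crc
        if ctype == b"IEND":
            return len(data) - pos
    return -1


def build_sample_blob():
    """Constructed sample: a minimal valid 1x1 PNG, alone and with a dummy PE stub appended."""
    def chunk(ctype, body):
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)   # 1x1, 8-bit grayscale
    idat = zlib.compress(b"\x00\x00")                       # filter byte + one pixel
    png = PNG_MAGIC + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")
    dos = bytearray(b"MZ" + b"\x00" * 0x3E)                 # 0x40-byte DOS header
    dos[0x3C:0x40] = struct.pack("<I", 0x40)                # e_lfanew -> right after it
    stub = bytes(dos) + b"PE\0\0" + b"\x00" * 20            # PE signature + dummy COFF header
    return png, png + stub


if __name__ == "__main__":
    for hit in hunt_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
    clean, disguised = build_sample_blob()
    print("embedded PE at:", find_embedded_pe(disguised), "trailing bytes:", bytes_after_iend(disguised))
```

Two points worth noticing in the output: the webville.net request is flagged only by the static User-Agent, because the page lists that host as a URL but not in its domain list, so a hunt keyed on domains alone would miss it; and the update.cyberlink.com hit is expected traffic for any CyberLink customer, which is exactly why the file hash, not the host, is the discriminator for this campaign.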
