North Korea Targets Governments, Banks, and Defense Firms in Supply Chain Attacks

Supply Chain Attacks

The National Cyber Security Centres of the United Kingdom and South Korea are issuing warnings about the escalating frequency and complexity of North Korean attacks on software supply chains. The South Korean National Intelligence Service (NIS) and the UK’s National Cyber Security Centre (NCSC) have disseminated a joint advisory to elevate awareness of the threat targeting governments, financial institutions, and defense industry companies globally.

According to the agencies, North Korean hackers use zero-day vulnerabilities, known weaknesses, and a wide range of exploits to achieve objectives that align with North Korea’s state interests. These interests encompass fundraising, espionage, and the theft of intellectual property and cutting-edge technologies from various sectors, including defense.

The advisory emphasizes that in the digitally interconnected world, attacks on software supply chains can have profound and far-reaching consequences for the affected organizations. Recommendations to prevent such attacks include implementing two-factor authentication, updating security systems, and monitoring networks for abnormal traffic.

The NCSC and NIS have listed examples of attacks attributed to the Lazarus Group, believed to be a North Korean state-sponsored cyber army unit. A notable instance is the attack on the 3CX application supply chain, in which hackers embedded malicious code in the program’s installer, which users then obtained through legitimate channels.

As a result of the attack, user information from 3CX, including account details, was compromised. On Windows, programs were installed to steal data from browsers, including browsing history.

North Korea’s attacks are part of the country’s ongoing efforts to disrupt global cybersecurity and highlight the necessity for vigilance and international cooperation in the field of cybersecurity.