UK and South Korea: Hackers use zero-day in supply-chain attack

November 24, 2023 at 01:28PM

The UK's National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) have issued a joint advisory warning about a hacking group called Lazarus, based in North Korea. The group has been using a zero-day vulnerability in the MagicLine4NX software, developed by South Korean company Dream Security, to conduct supply-chain attacks primarily targeting South Korean institutions. The attack involves compromising a media outlet’s website and using it to execute malicious code that exploits the vulnerability in the MagicLine4NX software. The hackers then gain unauthorized access to information and compromise PCs within the target organization. The Lazarus group is known for its supply-chain attacks and exploitation of zero-day vulnerabilities.

Summary:
The advisory highlights that the North Korean Lazarus hacking group has been conducting supply-chain attacks using a zero-day vulnerability in the MagicLine4NX software developed by Dream Security. The attacks primarily targeted South Korean institutions. The hackers compromised a media outlet’s website to execute malicious code, taking advantage of the vulnerability in the software. This allowed them to gain unauthorized access to the intranet of the target organization. The attackers used a combination of techniques, including reconnaissance, data exfiltration, and lateral network movement. The government agencies warn that the stolen funds from these cyber operations are used to support North Korea’s objectives, including targeting the United States and South Korean governments. Supply-chain attacks and zero-day vulnerabilities are consistent tactics employed by Lazarus and other state-backed North Korean hacking groups.
