November 23, 2023 at 08:44AM
The UK and South Korea’s national cybersecurity organizations have issued a joint advisory warning about an increase in the volume and sophistication of North Korean software supply chain attacks. The advisory highlights the use of zero-day and N-day vulnerabilities and multiple exploits to achieve North Korea’s priorities, which include generating funds and stealing intellectual property. The advisory also lists examples of high-profile organizations exploited in attacks attributed to Lazarus, North Korea’s state-sponsored offensive cyber unit. The advisory emphasizes the importance of organizations taking mitigative actions to improve their resilience to supply chain attacks.
Key Takeaways:
– The national cybersecurity organizations of the UK and the Republic of Korea have issued a joint advisory warning about increased North Korean software supply chain attacks.
– The attacks target governments, financial institutions, and defense industry companies worldwide.
– Zero-day and N-day vulnerabilities, along with multiple exploits, are being used in these attacks.
– North Korea’s state-sponsored offensive cyber unit, Lazarus, is believed to be responsible for the attacks.
– Lazarus launched a watering hole attack targeting organizations with vulnerable versions of the MagicLine4NX security authentication software.
– Another supply chain attack targeted 3CX’s desktop app, impacting critical infrastructure organizations and financial trading companies.
– Both the Windows and macOS versions of the 3CX app were affected.
– Microsoft also reported a North Korean supply chain attack on CyberLink’s multimedia software, targeting devices in various countries.
– Mitigative actions are recommended, including enabling 2FA, applying security updates, and monitoring networks for anomalous traffic.