November 27, 2023 at 07:48AM
The UK National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) have issued a warning about state-sponsored hackers from North Korea targeting government, financial, and defense organizations through software supply chain attacks. The attackers exploited vulnerabilities to precisely target specific organizations. They used a watering hole attack and compromised supply chains to gain access to systems and steal information. Organizations are advised to raise awareness of supply chain cybersecurity, train employees, install security updates, and monitor network traffic.
The warning issued by the UK National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) concerns state-sponsored hackers from the Democratic People’s Republic of Korea (DPRK), who have been targeting government, financial, and defense organizations through software supply chain attacks. In these attacks, the hackers used zero-day and n-day vulnerabilities, and exploited multiple flaws, to target specific organizations. The warning gives the example of an attack in March 2023, in which the hackers compromised a media outlet to inject a malicious script into an article. When the article was accessed by a machine running vulnerable software, the malicious code executed and gave the hackers remote control over the system. The hackers then exploited a vulnerability in a network-linked system to infect business-side systems and steal information. The warning also mentions the DPRK threat actors’ involvement in a supply chain attack on the 3CX desktop application.
To mitigate supply chain attacks, organizations are advised to raise awareness of supply chain cybersecurity, train employees, identify threats, install security updates, use multi-factor authentication, and monitor network traffic for abnormal behavior. It is emphasized that supply chain attacks can compromise well-protected targets and that various elements of the supply chain can be compromised, including software vendors, managed service providers, and cloud providers. The alert concludes by highlighting the risk of ransomware attacks and the need to take preventive measures.