- Government-issued advisories in the UK and South Korea warned of an increase in software supply chain attacks by North Korea’s state-run ecosystem.
- The objective is to engage in espionage activities to generate revenue and access advanced technology.
The government-issued advisories in the United Kingdom and South Korea come a day after Microsoft Threat Intelligence reported that a North Korean threat group was carrying out a malicious supply chain attack through mobile and computer applications developed by CyberLink. The advisories warn that North Korea’s state-run ecosystem is engaging in that kind of activity.
In a joint advisory, South Korea’s National Intelligence Service (NIS) and the UK’s National Cyber Security Centre (NCSC) warned about North Korea’s hackers.
According to the advisory, the purpose of these attacks is to “achieve the broader priorities of the North Korean state,” including engaging in espionage activities to generate revenue and access advanced technology.
“Warnings from the NCSC should not be taken lightly and organizations need to take steps to strengthen their defenses against state actors,” William Wright, CEO of Closed Door Security, told Spiceworks. “In today’s interconnected world, software supply chains can be long and complex, and one failure in the chain can have a cascading effect on other failures.”
NIS and NCSC outlined vulnerabilities in the MagicLine4NX security certification program that North Korean attackers exploited in March 2023 to gain access to organizations’ intranets. The attackers combined this with the exploitation of another zero-day vulnerability after the initial compromise.
The flowchart below details how an attacker can first use the watering hole technique against a group of targets and then carry out more specific attacks. “A breach in one supply chain led to an infection in another supply chain. This was a targeted attack against a specific target. Malicious actors exploited undisclosed vulnerabilities and exploits in systems linked to the network, and used a highly sophisticated method of exploiting legitimate functionality to compromise the intranet.”
North Korean hacker supply chain attack chain on two products
Source: NIS
The two cybersecurity agencies also detailed the Windows- and macOS-based attacks against the desktop apps of communication software provider 3CX, which the company acknowledged a month later, in April.
The impact of supply chain attacks is correlated to the ubiquity of vulnerable applications across systems and the rate at which they are exploited. For example, the Log4j vulnerability was a major headache for organizations. Recently, the MOVEit vulnerability led to multiple high-profile attacks against a total of 2,590 organizations.
“Look at MOVEit. Despite it being about half a year since the zero-day [vulnerability] was discovered, victims are still being announced every week. A flaw in ubiquitous software like MOVEit can devastate multiple organizations in a single attack. This means mass destruction with minimal effort on the part of the attacker,” Wright added.
North Korea-related threat actors are also notorious for carrying out cryptocurrency heists from exchanges such as Alphapo ($60 million) in June 2023, CoinsPaid ($37 million) in June 2023, Atomic Wallet ($100 million) in June 2023, Harmony’s Horizon Bridge in June 2022 ($100 million), and Sky Mavis’ Ronin Bridge in March 2022 ($620 million).
Chainalysis described 2022 as “the biggest year in crypto hacking history,” with primarily North Korean attackers successfully stealing $3.8 billion in cryptocurrencies.
In a software supply chain attack, a threat actor can attempt to penetrate a target through a product at any stage of the software development lifecycle. Tools, dependencies, shared libraries, and third-party code are all at risk.
“When defending against supply chain attacks, organizations need to know who they are working with and inventory all the software that can access their data. Categorizing and mapping this information makes it easy to see how software vulnerabilities affect your data,” Wright continued.
“Additionally, it’s important to only work with partners who practice good security hygiene. After all, their mistakes can easily become yours. Make sure your partners have security software and patches in place. You need to keep your systems up to date and conduct regular cyber training for your employees.”
“For software vendors, it is essential to follow secure by design principles and to regularly test their products to ensure vulnerabilities are identified and patched before they can be maliciously exploited.”