UK, ROK sound alarm over North Korean supply chain attacks - The Register

The national cybersecurity organizations of the UK and the Republic of Korea have issued a joint advisory warning of an increased volume and sophistication of North Korean software supply chain attacks.

"In an increasingly digital and interconnected world, software supply chain attacks can have profound, far-reaching consequences for impacted organizations," said Paul Chichester, director of operations at the NCSC. "Today, with our partners in the Republic of Korea, we have issued a warning about the growing threat from DPRK state-linked cyber actors carrying out such attacks with increasing sophistication."

"We strongly encourage organizations to follow the mitigative actions in the advisory to improve their resilience to supply chain attacks and reduce the risk of compromise."

The NCSC and NIS listed examples of zero-days and high-profile organizations exploited in attacks attributed to Lazarus, the group widely believed to be North Korea's state-sponsored offensive cyber unit.

MagicLine4NX

In March 2023, Lazarus attackers launched a watering hole attack to target specific groups that had vulnerable versions of the MagicLine4NX security authentication software installed. The group first compromised a media organization, poisoning a web page with malicious scripts which, when the page was visited by a user with a vulnerable MagicLine4NX installed, would execute and provide attackers with remote control capabilities on the victim's machine via C2 infrastructure.

"The malicious actors used highly sophisticated modus operandi by exploiting an undisclosed vulnerability of the network-linked system and a legitimate function for intrusion into the intranet," the advisory read.

[Figure: Diagram of the MagicLine4NX attack chain, courtesy of the NCSC and NIS]

Ultimately, security policies blocked key activity attempted by the attackers, preventing a large-scale data theft incident.

The attack itself was built on an earlier watering hole attack launched by Lazarus, which targeted the INISAFE web client; the methods used remained unchanged in the follow-on MagicLine attacks. Although it did not achieve the success North Korea would have wanted, the incident still provides evidence of Kim Jong Un's ambition to target software supply chains with sophisticated methods.

3CX

The more widely publicized supply chain attack coming out of North Korea this year was that of 3CX's desktop app, which was slowly attributed to Lazarus as time went on and more evidence was gathered in the weeks following its March disclosure. Adding to the theme of sophistication, the attack itself impacted both Windows and macOS versions of the 3CX application.

[Figure: Diagram of the 3CX attack chains on Windows and macOS, courtesy of the NCSC and NIS]

The infection chain was similar in both the Windows and Mac versions. Both applications installed as they normally would if they hadn't been tampered with, and once installed they entered a sleep phase - seven days for Windows and between seven and 20 days on Mac - before transmitting data to the attackers. Windows attacks led to browser stealers being installed, with basic system data, 3CX account information, and browser histories from Brave, Chrome, Edge, and Firefox sent back to Lazarus.

The warning comes a day after Microsoft published its own report on yet another North Korean supply chain attack, this time on CyberLink's multimedia software. In a similar style to the attack on 3CX, Lazarus breached the Taiwanese tech company and tampered with its installer as recently as October 20. While running, the software scans the victim's system for evidence of CrowdStrike Falcon, FireEye, or Tanium EDR security solutions.

Microsoft said it hasn't observed hands-on-keyboard activity as a result of this supply chain attack, but it pointed to the same typical motivations of the Lazarus group that the NCSC and NIS did, indicating its potential end-goals.

This Cyber News was published on www.theregister.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000

