North Korean hackers are using software supply chain attacks to target businesses around the world, the UK’s National Cyber Security Centre (NCSC) has warned. A joint statement issued with officials from South Korea outlines some of the tactics being used by the cybercriminals.
It says gangs have been observed leveraging zero-day vulnerabilities and exploits in third-party software in order to gain access to specific targets or indiscriminate organisations via their supply chains.
Supply chain attacks are becoming increasingly common as large enterprises use a wider array of software packages as part of their tech stack. By hacking into one supplier’s system, criminals can potentially gain access to the networks of its customers. The most high-profile example this year is the exploitation of a vulnerability in the MOVEit Transfer software, which has seen hackers target some of the biggest names in business, all of which were using MOVEit Transfer to share files.
North Korea’s hackers are exploiting supply chain attacks
The NCSC and South Korea’s National Intelligence Service (NIS) say hackers working on behalf of North Korea have been using increasingly sophisticated techniques to gain access to victims’ systems.
Examples in the advisory include the use of a “watering hole” attack, where cybercriminals infected a site commonly visited by their targets, in this case a media outlet. They were able to infect a page of the site with a malicious script so that, when users with certain IP addresses clicked on it, malware was deployed to their systems.
When triggered, the “victim computer then connected to the command and control (C2), and the attackers used the C2 to achieve remote control over the infected computer,” the advisory explains. The hackers were then able to use this initial access to hit secondary supply chains.
The NCSC and the NIS consider these supply chain attacks to align and considerably assist with the fulfilment of wider North Korean state priorities. Hackers backed by Pyongyang tend to work for financial gain to try and boost North Korea’s coffers but are also interested in industrial espionage.
Paul Chichester, the NCSC director of operations, said: “In an increasingly digital and interconnected world, software supply chain attacks can have profound, far-reaching consequences for impacted organisations.
“Today, with our partners in the Republic of Korea, we have issued a warning about the growing threat from DPRK state-linked cyber actors carrying out such attacks with increasing sophistication.
“We strongly encourage organisations to follow the mitigative actions in the advisory to improve their resilience to supply chain attacks and reduce the risk of compromise.”
UK and South Korea strike tech partnership
The advisory was published following the announcement of a new strategic cyber partnership between the UK and South Korea, agreed on Wednesday as part of a wider tech pact between the two nations.
As part of the deal, the two countries have agreed to work closely together to “harness the potential of critical technologies like AI, quantum and semiconductors to create jobs and unlock economic growth, alongside a new £4.5 million fund to create joint research and innovation partnerships.”
South Korea will host the follow-up to the UK’s AI safety summit, which saw political and business leaders gather at Bletchley Park earlier this month to discuss the safe deployment of artificial intelligence.
Tech secretary Michelle Donelan said the UK and South Korea “share the same values and face the same challenges: from creating future jobs and industries fit for the AI age, to bringing the power of science to bear on climate change and supporting ageing populations.”
Donelan said: “As part of the new accord between our two countries, this raft of agreements will future-proof our relationship for decades to come: a partnership that is already bearing fruit as we work closely together on the next AI safety summit.”