November 23, 2023

North Korea’s hackers use ‘watering hole’ cyberattacks to target software supply chains

Pyongyang's cybercriminals have increasingly complex tactics and tools at their disposal, the UK and South Korea have warned.

By Matthew Gooding

North Korean hackers are using software supply chain attacks to target businesses around the world, the UK’s National Cyber Security Centre (NCSC) has warned. A joint statement issued with officials from South Korea outlines some of the tactics being used by the cybercriminals.

North Korean hackers are getting busy with supply chain attacks. (Photo by Micha Brändli via Unsplash)

It says gangs have been observed leveraging zero-day vulnerabilities and exploits in third-party software in order to gain access to specific targets or indiscriminate organisations via their supply chains.

Supply chain attacks are becoming increasingly common as large enterprises use a wider array of software packages as part of their tech stack. By hacking into one supplier’s system, criminals can potentially gain access to the networks of its customers. The highest-profile example this year is the exploitation of a vulnerability in the MOVEit Transfer software, which has seen hackers target some of the biggest names in business, all of which were using MOVEit Transfer to share files.

North Korea’s hackers are exploiting supply chain attacks

The NCSC and South Korea’s National Intelligence Service (NIS) say hackers working on behalf of North Korea have been using increasingly sophisticated techniques to gain access to victims’ systems.

Examples in the advisory include the use of a “watering hole” attack, where cybercriminals infected a site commonly visited by their targets, in this case a media outlet. They were able to infect a page of the site with a malicious script so that, when users with certain IP addresses clicked on it, malware was deployed to their systems.

When triggered, the “victim computer then connected to the command and control (C2), and the attackers used the C2 to achieve remote control over the infected computer,” the advisory explains. The hackers were then able to use this initial access to hit secondary supply chains.

The NCSC and the NIS consider these supply chain attacks to align and considerably assist with the fulfilment of wider North Korean state priorities. Hackers backed by Pyongyang tend to work for financial gain to try and boost North Korea’s coffers but are also interested in industrial espionage.


Paul Chichester, the NCSC director of operations, said: “In an increasingly digital and interconnected world, software supply chain attacks can have profound, far-reaching consequences for impacted organisations.

“Today, with our partners in the Republic of Korea, we have issued a warning about the growing threat from DPRK state-linked cyber actors carrying out such attacks with increasing sophistication.

“We strongly encourage organisations to follow the mitigative actions in the advisory to improve their resilience to supply chain attacks and reduce the risk of compromise.”

UK and South Korea strike tech partnership

The advisory was published following the announcement of a new strategic cyber partnership between the UK and South Korea, agreed on Wednesday as part of a wider tech pact between the two nations.

As part of the deal, the two countries have agreed to work closely together to “harness the potential of critical technologies like AI, quantum and semiconductors to create jobs and unlock economic growth, alongside a new £4.5 million fund to create joint research and innovation partnerships.”

South Korea will host the follow-up to the UK’s AI safety summit, which saw political and business leaders gather at Bletchley Park earlier this month to discuss the safe deployment of artificial intelligence.

Tech secretary Michelle Donelan said the UK and South Korea “share the same values and face the same challenges: from creating future jobs and industries fit for the AI age, to bringing the power of science to bear on climate change and supporting ageing populations.”

Donelan said: “As part of the new accord between our two countries, this raft of agreements will future-proof our relationship for decades to come: a partnership that is already bearing fruit as we work closely together on the next AI safety summit.”
