October 28, 2021, updated 26 Apr 2022 5:01pm

North Korea’s Lazarus APT targets IT vendor in supply chain attack

The notorious cybercrime group backed by North Korea infiltrated an IT asset monitoring company as it experimented with supply chain attacks, according to Kaspersky Lab.

By Claudia Glover

A notorious cybercriminal group backed by the North Korean government has experimented with ‘supply chain’ attacks, wherein hackers seek to infiltrate high-profile targets by first compromising their suppliers, according to new research from security company Kaspersky Lab. Its targets include an IT asset monitoring company. The group, named Lazarus, is known to be highly effective and cybersecurity experts advise that companies strengthen their risk assessments of new and existing suppliers.


“When a sophisticated threat actor like Lazarus is adopting that kind of approach, then clearly that’s a potential worry.” (Photo by NurPhoto/iStock)

In its latest quarterly APT trends report, Kaspersky Lab says that Lazarus, an APT backed by the North Korean government, has waged at least two supply chain attack campaigns in the last year. Strains of malware associated with the group were detected on the systems of a Latvian IT asset monitoring company and a South Korean think tank. 

Lazarus is among the most notorious state-backed cybercrime groups. It was implicated in an audacious attempt to steal $1bn from the Central Bank of Bangladesh in 2016. The group was initially motivated by geopolitics, according to Kaspersky Lab, but has since moved on to hacking for financial gain. Thanks to capabilities such as Lazarus, North Korea is now “probably the most sophisticated bank robber around,” former GCHQ director Robert Hannigan told Tech Monitor earlier this year.

Supply chain attacks, wherein hackers compromise targets through their less-secure suppliers, have grown in volume in recent years. High-profile examples include last year’s attack on IT management vendor SolarWinds, which resulted in more than 30,000 public and private sector organisations being compromised, and the breach at Kaseya MSP, which led to as many as 1,500 of its customers falling victim to ransomware.

Lazarus is not the only APT pursuing supply-chain attacks. Chinese-speaking APT BountyGlad has exhibited “an increase in strategic sophistication” of such attacks, according to an earlier report from Kaspersky Lab. The technique’s growing popularity among APTs is of little surprise, says David Emm, principal security researcher at the company. “If you can go to the head of the stream, then obviously, it gives you scope for targeting people further down that stream.”

But for a group as proficient as Lazarus to be pursuing supply chain attacks is cause for alarm, Emm adds. “When a sophisticated threat actor like Lazarus is adopting that kind of approach, then clearly that’s a potential worry because it gives them a springboard into a wider attack surface.”

It is a trend that is likely to continue, says Javvad Malik, lead security awareness advocate at security platform KnowBe4. “Going forward, we can expect that Lazarus and many other groups will turn their attention to attacking companies in the supply chain,” he says. “These are usually smaller companies, or ones which have weaker security controls.”


How to mitigate the risk of supply chain attacks

Already, suppliers are a considerable source of cybersecurity risk. Earlier this year, a survey of 1,200 IT and procurement leaders by security vendor BlueVoyant found that 93% have suffered a cybersecurity breach because of weaknesses in their supply chain or third-party vendors, and 97% have been negatively impacted by a cybersecurity breach that occurred in their supply chain.

Awareness of that risk is improving, however, the survey found: 87% of respondents said that third-party risk was a priority (either ‘somewhat’ or a ‘key’ priority), up from 65% last year.

In the face of growing supply chain attacks, companies must actively assess and mitigate the cybersecurity risk associated with each of their suppliers, says Emm. “Facilitating certain conditions on contracts when they’re looking to bring a supplier on board, or expecting certain certifications or certain commitments from a supplier [can help].”

Sharing cybersecurity knowledge and expertise with suppliers, who may have fewer resources to defend themselves, can also help to reduce these risks, Emm adds. “Sharing your knowledge and capability in terms of the threat landscape is useful for that supplier and helps to make your own system resilient.”
