
Cyber warning against North Korea

by Mark Rowe

North Korea is increasingly targeting software supply chain products to carry out attacks around the world, the UK and South Korean authorities have warned.
In a new joint advisory, the National Cyber Security Centre (NCSC) – a part of the UK official monitoring agency GCHQ – and the National Intelligence Service (NIS) have detailed how North Korean state-linked cyber actors have been using increasingly sophisticated techniques to gain access to victims’ systems.

The actors have been observed using zero-day vulnerabilities and exploits in third-party software to gain access to specific targets, or to indiscriminate ones via their supply chains. The NCSC and the NIS consider that these supply chain attacks align with, and considerably help fulfil, wider North Korean state priorities, including revenue generation, espionage and the theft of tech.

The advisory provides technical details about the malicious activity, case studies of recent attacks from North Korea and advice on how to mitigate supply chain compromises. The publication follows the announcement of a Strategic Cyber Partnership between the UK and South Korea.

Paul Chichester, NCSC Director of Operations, said: “In an increasingly digital and interconnected world, software supply chain attacks can have profound, far-reaching consequences for impacted organisations.

“Today, with our partners in the Republic of Korea, we have issued a warning about the growing threat from DPRK state-linked cyber actors carrying out such attacks with increasing sophistication.

“We strongly encourage organisations to follow the mitigative actions in the advisory to improve their resilience to supply chain attacks and reduce the risk of compromise.”

Comment

William Wright, CEO of cyber firm Closed Door Security, said: “These warnings from NCSC should not be taken lightly and organisations must take steps to improve their defences against nation state actors. In today’s interconnected world, software supply chains can be long and complex, and one fault in the chain can have a cascading effect on others.

“Just look at MOVEit. It’s been almost six months since the Zero Day was discovered, yet victims are still being announced weekly. When software as ubiquitous as MOVEit has a flaw, multiple organisations can be brought down via a single attack. This means mass destruction, with minimum effort on the attacker side.

“When it comes to defending against supply chain attacks, organisations must know who they are working with and have an inventory of all the software they employ which has access to their data. Keep this information categorised and mapped, so it is easy to see how a vulnerability in a piece of software will impact data.”

He added that it is essential to only work with partners that practise good security hygiene. “After all, their mistakes can easily become yours. Partners should keep their systems up to date with security software and patches and run regular cyber training on their employees. When it comes to software vendors, it’s essential that they follow secure-by-design principles and also run regular tests on their products to identify weaknesses, and patch them, before they are spotted and exploited maliciously.”


© 2024 Professional Security Magazine. All rights reserved.
