Thursday 23 Nov 2023 @ 16:05
National Cyber Security Centre
Printable version

UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains

Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.

  • New joint advisory describes techniques and tactics used by DPRK state-linked cyber actors carrying out software supply chain attacks
  • UK’s National Cyber Security Centre and Republic of Korea’s National Intelligence Service warn that such attacks are growing in sophistication and volume
  • Organisations are encouraged to put security measures in place to reduce the chance of systems and data being compromised

Cyber actors linked to the Democratic People’s Republic of Korea (DPRK) are increasingly targeting software supply chain products to attack organisations around the world, the UK and the Republic of Korea have warned today (Thursday).

In a new joint advisory, the National Cyber Security Centre (NCSC) – a part of GCHQ – and the National Intelligence Service (NIS) have detailed how DPRK state-linked cyber actors have been using increasingly sophisticated techniques to gain access to victims’ systems.

The actors have been observed leveraging zero-day vulnerabilities and exploits in third-party software to gain access to specific targets or indiscriminate organisations via their supply chains.

The NCSC and the NIS consider these supply chain attacks to align and considerably help fulfil wider DPRK-state priorities, including revenue generation, espionage and the theft of advanced technologies.

The advisory provides technical details about the malicious activity, case studies of recent attacks emanating from the DPRK and advice on how organisations can mitigate supply chain compromises.

The publication follows the announcement of a new Strategic Cyber Partnership between the UK and the Republic of Korea, signed yesterday as part of a landmark new Accord, which sees the two nations commit to working together to tackle common cyber threats.

Paul Chichester, NCSC Director of Operations said:

“In an increasingly digital and interconnected world, software supply chain attacks can have profound, far-reaching consequences for impacted organisations.

“Today, with our partners in the Republic of Korea, we have issued a warning about the growing threat from DPRK state-linked cyber actors carrying out such attacks with increasing sophistication.

“We strongly encourage organisations to follow the mitigative actions in the advisory to improve their resilience to supply chain attacks and reduce the risk of compromise.”

Software supply chain cyber attacks pose a significant threat as they can affect a number of organisations via one initial compromise and can lead to onward attacks, resulting in disruption or ransomware being deployed.

They can also be harder for network defenders to detect, as the actors are using legitimate software and hardware to enable the attack.

The advisory warns that the threat from DPRK state-linked actors carrying out these attacks is likely to increase and so organisations should follow the recommended actions to take to protect themselves.

This includes referring to the NCSC’s supply chain security guidance for advice on how to establish effective control and oversight of your supply chain.

The full advisory can be read on the website of the Republic of Korea’s National Cyber Security Centre.

Channel website: https://www.ncsc.gov.uk/

Original article link: https://www.ncsc.gov.uk/news/uk-republic-of-korea-issue-warning-dprk-state-linked-cyber-actors-attacking-software-supply-chains

Share this article

Latest News from
National Cyber Security Centre

NCSC enters new partnership for PDNS delivery

17/04/2024 13:05:00

The National Cyber Security Centre announces new partnership to deliver the Protective Domain Name System (PDNS) service.

UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity

26/03/2024 10:31:00

UK calls out pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians.

NCSC and partners issue warning about state-sponsored cyber attackers hiding on critical infrastructure networks

08/02/2024 11:05:00

GCHQ’s National Cyber Security Centre and partners share details of how threat actors are using built-in tools to camouflage themselves on victims’ systems.

Business leaders urged to toughen up cyber attack protections

24/01/2024 13:12:00

New guidelines to help directors and business leaders boost their resilience against cyber threats.

Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure

15/01/2024 10:15:00

Organisations are encouraged to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) gateways (CVE-2023-46805 and CVE-2024-21887), and follow the latest vendor advice.

UK exposes attempted Russian cyber interference in politics and democratic processes

08/12/2023 10:29:00

The UK condemns Russia’s sustained attempts at political interference in the UK and globally.

UK and allies expose Russian intelligence services for cyber campaign of attempted political interference

07/12/2023 14:25:00

The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes

NCSC launches Cyber Incident Exercising scheme

06/12/2023 15:25:00

New CIE assured providers give organisations support to create structured table-top or live-play cyber incident exercises.

NCSC warns of enduring and significant threat to UK's critical infrastructure

16/11/2023 10:05:00

The NCSC's seventh Annual Review raises awareness of the increasingly unpredictable threat landscape.