Security News > 2023 > November > UK and South Korea: Hackers use zero-day in supply-chain attack
The attack started with compromising a media outlet's website to embed malicious scripts into an article, allowing for a 'watering hole' attack.
State-backed North Korean hacking operations consistently rely on supply chain attacks and the exploitation of zero-day vulnerabilities as part of their cyber warfare tactics.
In March 2023, it was discovered that "Labyrinth Chollima," a subgroup of Lazarus, conducted a supply chain attack against VoIP software maker 3CX to breach multiple high-profile companies worldwide.
Last Friday, Microsoft disclosed a supply chain attack on CyberLink that the Lazarus hacking group used to distribute trojanized, digitally-signed CyberLink installers to infect at least a hundred computers with the 'LambLoad' malware.
Microsoft: Lazarus hackers breach CyberLink in supply chain attack.
Google: Hackers exploited Zimbra zero-day in attacks on govt orgs.
News URL
Related news
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)