Security News > 2024 > February > North Korean hackers linked to defense sector supply-chain attack
In an advisory today Germany's federal intelligence agency and South Korea's National Intelligence Service warn of an ongoing cyber-espionage operation targeting the global defense sector on behalf of the North Korean government.
Today's joint cybersecurity advisory highlights two cases attributed to North Korean actors, one of them the Lazarus group, to provide the tactics, techniques, and procedures used by the attackers.
According to the advisory, the first case refers to an incident that occurred at the end of 2022, when "a North Korean cyber actor intruded systems of a research center for maritime and shipping technologies" and "Executed a supply-chain attack" by compromising the firm that managed the target organization's web server maintenance operations.
The intruder followed an attack chain that included stealing SSH credentials, abusing legitimate tools, moving laterally on the network, and trying to remain hidden on the infrastructure.
The second example shows that Lazarus group's "Operation Dream Job," a tactic the North Korean actors are known to use against employees of cryptocurrency firms and software developers, was also used against the defense sector.
North Korean hackers now launder stolen crypto via YoMix tumbler.
News URL
Related news
- It's only a matter of time before LLMs jump start supply-chain attacks (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- Supply chain attack hits Chrome extensions, could expose millions (source)
- Defense strategies to counter escalating hybrid attacks (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
- Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' (source)