Security News > 2024 > February > North Korean hackers linked to defense sector supply-chain attack

In an advisory today Germany's federal intelligence agency and South Korea's National Intelligence Service warn of an ongoing cyber-espionage operation targeting the global defense sector on behalf of the North Korean government.
Today's joint cybersecurity advisory highlights two cases attributed to North Korean actors, one of them the Lazarus group, to provide the tactics, techniques, and procedures used by the attackers.
According to the advisory, the first case refers to an incident that occurred at the end of 2022, when "a North Korean cyber actor intruded systems of a research center for maritime and shipping technologies" and "Executed a supply-chain attack" by compromising the firm that managed the target organization's web server maintenance operations.
The intruder followed an attack chain that included stealing SSH credentials, abusing legitimate tools, moving laterally on the network, and trying to remain hidden on the infrastructure.
The second example shows that Lazarus group's "Operation Dream Job," a tactic the North Korean actors are known to use against employees of cryptocurrency firms and software developers, was also used against the defense sector.
North Korean hackers now launder stolen crypto via YoMix tumbler.
News URL
Related news
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)
- China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access (source)
- Silk Typhoon hackers now target IT supply chains to breach networks (source)
- Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- North Korean Lazarus hackers infect hundreds via npm packages (source)
- GitHub supply chain attack spills secrets from 23,000 projects (source)
- Supply chain attack on popular GitHub Action exposes CI/CD secrets (source)
- Hackers target AI and crypto as software supply chain risks grow (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)