North Korea-linked cyber actors attacking software supply chains

Cyber actors linked to North Korea are increasingly targeting software supply chain products to attack organisations around the world. In a joint advisory, the UK’s National Cyber Security Centre and the Republic of Korea’s National Intelligence Service have detailed how DPRK state-linked cyber actors have been using increasingly sophisticated techniques to gain access to victims’ systems.

The actors have been observed leveraging zero-day vulnerabilities and exploits in third-party software to gain access to specific targets or indiscriminate organisations via their supply chains. The NCSC and the NIS consider these supply chain attacks to align with, and considerably help fulfil, wider North Korean priorities, including revenue generation, espionage and the theft of advanced technologies.

The advisory provides technical details about the malicious activity, case studies of recent attacks emanating from the Democratic People’s Republic of Korea and advice on how organisations can mitigate supply chain compromises. The publication follows the announcement of a new Strategic Cyber Partnership between the UK and the Republic of Korea, signed as part of a new accord which sees the two nations commit to working together to tackle common cyber threats.

Paul Chichester, NCSC director of operations, said: “In an increasingly digital and interconnected world, software supply chain attacks can have profound, far-reaching consequences for impacted organisations.

“Today, with our partners in the Republic of Korea, we have issued a warning about the growing threat from DPRK state-linked cyber actors carrying out such attacks with increasing sophistication. We strongly encourage organisations to follow the mitigative actions in the advisory to improve their resilience to supply chain attacks and reduce the risk of compromise.”

The NCSC says that software supply chain cyber attacks pose a significant threat as they can affect a number of organisations via one initial compromise and can lead to onward attacks, resulting in disruption or ransomware being deployed. They can also be harder for network defenders to detect, as the actors are using legitimate software and hardware to enable the attack.

The advisory warns that the threat from DPRK state-linked actors carrying out these attacks is likely to increase and urges organisations to refer to the NCSC’s supply chain security guidance for advice on how to establish effective control and oversight of supply chains.
