North Korean APTs go all in on supply chain attacks, warns NCSC | Computer Weekly

North Korea-backed threat actors are increasingly targeting software supply chains to attack organisations on a global basis, and becoming far more adept at doing so, the UK's National Cyber Security Centre (NCSC) has warned in a joint advisory with South Korea's National Intelligence Service (NIS).
In the bulletin, the NCSC and the NIS describe how North Korean advanced persistent threat (APT) actors, of which Lazarus is the best known, are now leveraging more zero-day vulnerabilities and exploits in third-party software to gain access, through their suppliers, to specific targets or to organisations indiscriminately.
"In an increasingly digital and interconnected world, software supply chain attacks can have profound, far-reaching consequences for impacted organisations," said NCSC operations director Paul Chichester. "Today, with our partners in the Republic of Korea, we have issued a warning about the growing threat from DPRK state-linked cyber actors carrying out such attacks with increasing sophistication. We strongly encourage organisations to follow the mitigative actions in the advisory to improve their resilience to supply chain attacks and reduce the risk of compromise."