North Korean Hacking Alert Sounded by UK and South Korea

North Korean state-affiliated hackers are continuing to exploit zero-days in popular software applications as part of global supply chain attack campaigns for espionage and financial theft purposes, British and South Korean cyber agencies warned in an alert on Thursday.

See Also: Live Webinar | Generative AI: Myths, Realities and Practical Use Cases

In a joint alert, Britain’s National Cyber Security Centre and South Korea’s National Intelligence Service warned Pyongyang-affiliated hackers are targeting victims by exploiting vulnerabilities in their third-party software applications and supply chains.

These campaigns further the North Korean regime’s priorities of “revenue generation, espionage and the theft of advanced technologies,” officials said.

“In an increasingly digital and interconnected world, software supply chain attacks can have profound, far-reaching consequences for impacted organizations,” said Paul Chichester, NCSC’s director of operations.

The report did not name any specific advanced persistent groups tied to these campaigns, although does cite the recent attack against financial trading software developer 3CX as example of these large-scale supply chain attacks. The Cyprus-based software vendor, whose…