The United Kingdom and South Korea have issued a joint advisory warning about software supply chain attacks from North Korean (DPRK) state-linked hackers. This announcement comes as the two nations pledge to work together to disrupt and deter malicious cyber capabilities and activities that contribute to the DPRK’s WMD programs.
Recent incidents have been attributed to North Korean state-linked threat actors, with companies such as JumpCloud and 3CX being targeted. These attacks involved compromising widely used services in order to subsequently attack those services’ users. The FBI revealed that attacks on cryptocurrency companies in June were conducted by North Korean government hackers.
North Korea has consistently denied involvement in these activities, despite evidence to the contrary. The National Intelligence Service of Korea and Britain’s National Cyber Security Centre have warned that supply chain attacks from DPRK state-linked cyber actors have increased in volume and sophistication, and urged organizations to follow mitigative actions in the advisory to improve their resilience to attacks.
In addition to the advisory, the U.S. unsealed an indictment charging three North Korean hackers with stealing and extorting more than $1.3 billion from financial institutions and cryptocurrency exchanges. The indictment also detailed allegations about their involvement in multiple cyber activities, including the attack on Sony Pictures and the WannaCry ransomware incident. In May, the U.S. Treasury announced sanctions on four entities that employ thousands of North Korean IT workers who help illicitly finance the regime’s missile and WMD programs.