Friday, June 14, 2024

North Korean Hackers Exploiting Zero-day Vulnerabilities & Supply Chains

The DPRK has been a great threat to organizations in recent times. Their attack methods have been discovered with several novel techniques involving different scenarios.

Their recent attack method was associated with fake candidates and employers for supply chain attacks.

A recent joint security advisory from the National Cyber Security Centre (NCSC) – a part of GCHQ – and the National Intelligence Service (NIS) provided insight into how DPRK threat actors use complicated techniques to control victims’ systems.

Free Webinar

Live API Attack Simulation Webinar

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Software Supply Chain Attacks & Zero Days Leveraged

In addition to this, the DPRK threat actors have been found to be using zero-day vulnerabilities and exploits that exist in third-party software to gain access to specific targets through their supply chains.

These supply chain attacks were suspected to be associated with broader DPRK-state intentions, which could be generating revenue, engaging in cyber espionage, or stealing advanced technology.

The joint advisory also provided technical details about the malicious activities, recent attack case studies of attacks emerging from the DPRK, and how these attacks can be mitigated.

Software supply chain attacks could prove disastrous as there is a high possibility of massive device compromise involving multiple organizations that use the same software or library.

Moreover, there is also a high chance that these supply chains can be used for ransomware attacks.

The complete joint security advisory has been published, providing detailed information on the vulnerabilities used by the DPRK for exploitation, supply chain, and other information.

Indicators of Compromise

Supply chain attacks with zero-day vulnerabilities

C2[C2 URL]/search/sch-result3.aspHTTPS communication
Decryption Key0x0c2a351837454a2661026f162530361a394e1d143334ChaCha20 Key1
0x0102350423062f085c000e02ChaCha20 Key2
MD5 hashes316c088874a5dfb8b8c1c4b259329257Downloader (SamsungDeviceControl.exe)
Rogue certificateSamsung SDS Co., LtdEntity
0139981ad983bf73e9514d2d4237929eSerial no.
2022.12.13 ~ 2023.07.20Start date to expiration date

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles