DPRK threat actors have become a serious threat to organizations in recent times, and their attacks have been found to use several novel techniques across a range of scenarios.
One recent method uses fake job candidates and fake employers as a way into supply chain attacks.
A recent joint security advisory from the National Cyber Security Centre (NCSC), a part of GCHQ, and the National Intelligence Service (NIS) provides insight into how DPRK threat actors use sophisticated techniques to take control of victims' systems.
In addition, DPRK threat actors have been found exploiting zero-day vulnerabilities in third-party software to reach specific targets through their supply chains.
These supply chain attacks are believed to serve broader DPRK state objectives: generating revenue, conducting cyber espionage, or stealing advanced technology.
The joint advisory also provides technical details of the malicious activity, case studies of recent attacks originating from the DPRK, and guidance on how these attacks can be mitigated.
Software supply chain attacks can be disastrous because a single compromised software package or library can lead to mass device compromise across every organization that uses it.
There is also a high chance that the same supply chain access is used for ransomware attacks.
The complete joint security advisory has been published and provides detailed information on the vulnerabilities the DPRK exploited, the supply chain attacks, and the associated indicators of compromise.
Section | IoC | Note
--- | --- | ---
C2 | [C2 URL]/search/sch-result3.asp | HTTPS communication
Decryption key | 0x0c2a351837454a2661026f162530361a394e1d143334 | ChaCha20 Key1
Decryption key | 0x0102350423062f085c000e02 | ChaCha20 Key2
MD5 hash | 316c088874a5dfb8b8c1c4b259329257 | Downloader (SamsungDeviceControl.exe)
MD5 hash | 33ca34605e8077047e30e764f5182df0 | Downloader (SamsungDevicePanel.exe)
Rogue certificate | Samsung SDS Co., Ltd | Entity
Rogue certificate | 0139981ad983bf73e9514d2d4237929e | Serial no.
Rogue certificate | 2022.12.13 ~ 2023.07.20 | Start date to expiration date
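To make the indicators above actionable, here is an added Python example (not from the article or the advisory) that checks files in a directory against the listed downloader MD5 hashes and file names, and searches proxy log lines for the C2 URL path. The sample log lines, the stand-in host name c2-host.example and the temporary directory built by make_sample_dir are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# Indicators reproduced from the article's IoC table (downloader MD5s, names, C2 path).
IOC_MD5 = {
    "316c088874a5dfb8b8c1c4b259329257": "Downloader (SamsungDeviceControl.exe)",
    "33ca34605e8077047e30e764f5182df0": "Downloader (SamsungDevicePanel.exe)",
}
IOC_FILENAMES = {"samsungdevicecontrol.exe", "samsungdevicepanel.exe"}
IOC_C2_PATH = "/search/sch-result3.asp"

# Constructed sample proxy log; "c2-host.example" stands in for the redacted C2 host.
SAMPLE_PROXY_LOG = [
    "2023-07-01T10:00:01Z 10.0.0.5 GET https://intranet.example/index.html 200",
    "2023-07-01T10:00:09Z 10.0.0.5 POST https://c2-host.example/search/sch-result3.asp 200",
]

def md5_of_file(path):
    """Hash in 64 KiB chunks so large binaries need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_directory(root):
    """Return (path, reason) for files whose MD5 or name matches the advisory."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            digest = md5_of_file(path)
            if digest in IOC_MD5:
                hits.append((path, "md5 match: " + IOC_MD5[digest]))
            elif name.lower() in IOC_FILENAMES:  # weaker signal: name only
                hits.append((path, "file name matches advisory downloader"))
    return hits

def scan_proxy_log(lines):
    """Return log lines whose request contains the advisory's C2 URL path."""
    return [ln for ln in lines if IOC_C2_PATH in ln]

def make_sample_dir():
    """Constructed sample: a temp dir holding an empty file named like the downloader."""
    root = tempfile.mkdtemp()
    path = os.path.join(root, "SamsungDevicePanel.exe")
    open(path, "wb").close()  # empty, so it matches by name but not by MD5
    return root, path
```

A name-only hit is a weaker signal than a hash match and should be confirmed by hashing or signature checks before it is treated as an infection.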