보도자료250304.hwp (8 MB)

South Korea’s National Intelligence Service warns that North Korean hacking groups are using software supply-chain weaknesses to steal confidential data and core technology from government agencies and advanced enterprises. The advisory describes three intrusion patterns: compromising IT service providers to pivot into customer networks, exploiting vulnerabilities in IT solutions and business software, and abusing weak organizational security controls such as exposed administrator pages or poor credential practices. It recommends stronger access controls, software patching, vulnerability checks, security education, and tighter management of external maintenance paths.