ROK-UK Joint Cyber Security Advisory (DPRK S/W supply chain attacks)

2023-11-23 KRNCSC

https://www.ncsc.go.kr:4018/main/cop/bbs/selectBoardArticle.do?bbsId=SecurityAdvice_main&nttId=93472

Attachments

ROK-UK_Joint_Cyber_Security_AdvisoryENG.pdf (711 KB)

For software supply chain attacks, DPRK state-linked cyber actors have used zero-day exploits and newly published vulnerabilities and tools, as well as exploited multiple vulnerabilities in series, to precisely attack a specific target. See the IoC section for C2 server, MD5 hashes, encryption algorithms, and file certificates. From here, an actor can indiscriminately target a number of organisations and users, and their attacks can be expanded or shifted to a ransomware attack to demand money or cause a system disruption.

• Monitor network infrastructure so that traffic from supply chain software applications is trusted but any anomalous traffic can be detected.
