T1195.002 - DPRK Threat Intelligence

#T1195.002 Compromise Software Supply Chain

Technique

Tactics: Initial Access
Description:
Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version.

Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims.(Citation: Avast CCleaner3 2018)(Citation: Command Five SK 2011)
First Seen: Lazarus supply‑chain attack in South Korea • 2020-11-16

MITRE ATT&CK

21

Tagged Reports
12

Unique Authors
2,040

Active Days

Tagged Reports

2025-07-15

Socket

Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader

#ContagiousInterview #NPM #XORIndex #T1119 #T1005 #T1059.007 #T1082 #T1083 #T1555.001 #T1041 #T1027.013 #T1546.016 #T1608.001 #T1204.002 #T1555.003 #T1105 #T1657 #T1217 #T1195.002

2025-06-25

Socket

Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages

#BeaverTail #ContagiousInterview #HexEval #NPM #T1119 #T1005 #T1059.007 #T1082 #T1083 #T1555.001 #T1041 #T1027.013 #T1546.016 #T1608.001 #T1204.002 #T1555.003 #T1056.001 #T1105 #T1657 #T1217 #T1195.002

2025-03-10

Socket

Lazarus Strikes npm Again with New Wave of Malicious Package

#Lazarus #NPM #T1119 #T1005 #T1059.007 #T1082 #T1083 #T1555.001 #T1041 #T1027.013 #T1546.016 #T1608.001 #T1204.002 #T1555.003 #T1105 #T1657 #T1217 #T1195.002

2023-04-20

Mandiant

3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible

#SupplyChain #UNC4736 #YARA #3CXDesktopApp #SmoothOperator #X_Trader #UNC4469 #UNC3782 #T1573 #T1190 #T1608 #T1036 #T1012 #T1588.004 #T1027 #T1622 #T1071 #T1565.001 #T1082 #T1574 #T1614 #T1614.001 #T1620 #T1140 #T1608.003 #T1070.004 #T1036.001 #T1195 #T1071.004 #T1070.001 #T1105 #T1071.001 #T1195.002 #T1588 #T1055 #T1574.002 #T1070 #T1112 #T1083 #T1565 #T1497 #T1573.002 #T1497.001

2023-01-31

ESET

APT ACTIVITY REPORT T3 2022

#Trend #T1102.002 #T1190 #T1027 #T1560.001 #T1567 #T1102 #T1027.002 #T1071 #T1574 #T1566.001 #T1566 #T1553.002 #T1090 #T1027.006 #T1567.002 #T1553 #T1584 #T1218 #T1027.007 #T1505 #T1505.003 #T1113 #T1555 #T1560 #T1071.004 #T1195 #T1204.002 #T1584.006 #T1218.001 #T1195.002 #T1574.002 #T1484.001 #T1484 #T1555.003 #T1204 #T1090.003 #T1003

2020-11-16

ESET

Lazarus supply‑chain attack in South Korea

#SupplyChain #VeraPort #MagicLine4NX #BookCodes #Lazarus #T1055 #T1587.001 #T1547.005 #T1036 #T1553.002 #T1041 #T1106 #T1588.003 #T1573.001 #T1027.002 #T1071.001 #T1584.004 #T1195.002

« Back