ROK-UK Joint Cyber Security Advisory(DPRK S/W supply chain attacks)
Contents
DPRK state-linked cyber actors conduct software
supply chain attacks
Overview
The National Intelligence Service (NIS) of the Republic of Korea (ROK) and the National
Cyber Security Centre (NCSC) of the United Kingdom (UK) have identified Democratic
People’s Republic of Korea (DPRK) state-linked cyber actors targeting software supply
chain products, widely used by government organisations, financial institutions and
defence industry companies globally.
The NIS and the NCSC are releasing this joint Cybersecurity Advisory (CSA) to help
prevent compromise and raise public awareness. It includes DPRK state-linked cyber
actors’ tactics, techniques and procedures (TTPs) used in their global supply chain
attacks, as well as preventative measures to help avoid such attacks.
Further Details
In recent years, supply chain attacks from DPRK state-linked cyber actors have steadily
increased in volume and have become more sophisticated. The malicious actors utilise
tactics including zero-day attacks and multiple exploits to attack software supply chain
products, used by a number of international organisations.
23 Nov 2023
2
The NIS and the NCSC consider these supply chain …
supply chain attacks
Overview
The National Intelligence Service (NIS) of the Republic of Korea (ROK) and the National
Cyber Security Centre (NCSC) of the United Kingdom (UK) have identified Democratic
People’s Republic of Korea (DPRK) state-linked cyber actors targeting software supply
chain products, widely used by government organisations, financial institutions and
defence industry companies globally.
The NIS and the NCSC are releasing this joint Cybersecurity Advisory (CSA) to help
prevent compromise and raise public awareness. It includes DPRK state-linked cyber
actors’ tactics, techniques and procedures (TTPs) used in their global supply chain
attacks, as well as preventative measures to help avoid such attacks.
Further Details
In recent years, supply chain attacks from DPRK state-linked cyber actors have steadily
increased in volume and have become more sophisticated. The malicious actors utilise
tactics including zero-day attacks and multiple exploits to attack software supply chain
products, used by a number of international organisations.
23 Nov 2023
2
The NIS and the NCSC consider these supply chain …