2025-05-19
Sakai
북한 김수키(Kimsuky) CJ올리브네트웍스 인증서 악용한 기계연 공격 악성코드-20250428 플x아이 작업계획서 및 작업완료서_기계연 이X화.scr(2025.5.7)
#CJOliveNetworks
#Kimsuky
CJOliveNetworks
#CJOliveNetworks
- Reported: 2025-05
- Locations: Korea, Republic of
- Motivations: #SupplyChain
- Sectors: #Technology
Summary
In late April 2025, a North Korean hacking group known as Kimsuky compromised CJ OliveNetworks' digital certificate, which is used to verify the authenticity of software. The stolen certificate was found embedded in malware, suggesting it was used to disguise malicious files as legitimate CJ software. Chinese cybersecurity firm RedDrip Team reported that Kimsuky attempted to use this compromised certificate to target the Korea Institute of Machinery and Materials, a national research institution. Upon discovering the breach, CJ OliveNetworks promptly revoked the affected certificate, which was originally issued for software development and distribution. The company manages IT infrastructure for major CJ affiliates and provides B2B solutions such as smart factories and logistics automation systems.