NCSC Warn of Democratic People’s Republic of Korea State-Linked Supply Chain Attacks

NCSC Warn of Democratic People’s Republic of Korea State-Linked Supply Chain Attacks

Daniel Hall 24/11/2023
NCSC Warn of Democratic People’s Republic of Korea State-Linked Supply Chain Attacks

State-linked cyber attacks have increased recently amid geo-political tensions.

The National Cyber security centre (NCSC) and the Republic of Korea have issued a warning of state-linked cyber threats attacking the software supply chain from the Democratic People’s Republic of Korea (DPRK).

The NCSC and the Republic of Korea’s National Intelligence Service (NIS) have issued a joint advisory on advanced methods to attack global organisations, using highly sophisticated techniques, including leveraging zero-day vulnerabilities and third-party software, to gain access to specific targets or indiscriminate organisations via their supply chains.

The NCSC and the NIS view these supply chain attacks as aligning with and significantly contributing to the main priorities of DPRK. These priorities include generating revenue, conducting espionage, and stealing advanced technologies.

Oseloka Obiora, Chief Technology Officer at RiverSafe, commented:

“A supply chain is only as strong as its weakest link and with the latest round of state-linked threats, it is vital that cybersecurity teams are on full alert. Global supply chains are complex webs tied together by digital connections, introducing an array of vulnerabilities that need to be regularly monitored and managed. RiverSafe’s latest research highlighted that only 45 per cent of security teams have a system in place to review the cybersecurity risks posed by immediate suppliers, so it’s no wonder that malicious actors are targeting supply chains as a weak point of entry.”

“To bolster cyber defences, it’s important for security teams to have effective network visibility, through observability, monitoring the conditions of networks and infrastructure based on data outputs. This can give teams the ability to monitor the “unknowns unknowns” to better prepare for unexpected activity or technical issues within a network, especially those across distributed IT systems.”

The warning comes after the recent announcement of a new Strategic Cyber Partnership between the UK and the Republic of Korea. Signed yesterday, as part of a landmark new Accord, both nations committedly collaborated in undertaking shared cyber threats.

The advisory warns that the risk of attacks from DPRK state-linked actors is expected to rise, urging organisations to follow recommended measures for protection. This involves consulting the NCSC's supply chain security guidance, providing advice on establishing strong control and oversight of your supply chain to enhance security.

Paul Chichester, NCSC Director of Operations said:

“In an increasingly digital and interconnected world, software supply chain attacks can have profound, far-reaching consequences for impacted organisations.“Today, with our partners in the Republic of Korea, we have issued a warning about the growing threat from DPRK state-linked cyber actors carrying out such attacks with increasing sophistication.“We strongly encourage organisations to follow the mitigative actions in the advisory to improve their resilience to supply chain attacks and reduce the risk of compromise.”

Share this article

Leave your comments

Post comment as a guest

terms and condition.
  • No comments found

Share this article

Daniel Hall

Business Expert

Daniel Hall is an experienced digital marketer, author and world traveller. He spends a lot of his free time flipping through books and learning about a plethora of topics.

Cookies user prefences
We use cookies to ensure you to get the best experience on our website. If you decline the use of cookies, this website may not function as expected.
Accept all
Decline all
Read more
Tools used to analyze the data to measure the effectiveness of a website and to understand how it works.
Google Analytics