Britain and South Korea warn North Korean hackers of exploiting zero-day vulnerability in South Korean identity verification software MagicLine4NX as a springboard to attack specific targets
/ROK-UK Joint Cyber Security AdvisoryIn this attack, the hacker first filtered the victims through a watering hole attack, and then carried out additional attacks against specific targets. After compromising the zero-day vulnerability of the first supply chain product, the second supply chain product was infected, and the zero-day vulnerability and legitimate functions of the networked system were used to invade the internal network. Another hacker that was also classified by the NCSC and NIS as being from North Korean hackers was the desktop program Electron created by 3CX. The hacker implanted a malicious program in the update program of Electron in March this year, similar to the hacking process of CyberLink. NCSC and NIS recommend that organizations install security updates for all software, use two-factor authentication, and monitor network infrastructure for suspicious activity.flow, to prevent related attacks.
