The UK and South Korea have issued warnings that cyber attacks by North Korean state-linked groups are becoming more sophisticated and widespread.
The two countries' cyber security and intelligence agencies have issued a new joint advisory urging organisations to strengthen their security measures in order to minimise the risk of their systems being compromised.
According to the UK's National Cyber Security Centre (NCSC), which is part of GCHQ, and the South Korean National Intelligence Service (NIS), hackers have been leveraging previously unknown vulnerabilities and exploits in third-party software in their supply chains to gain access to an organisation's systems.
Both agencies expressed concern that such assaults on the software-based supply chain pose a particularly major threat because a single initial breach can affect a number of organisations and lead to subsequent attacks, resulting in greater disruption or the deployment of ransomware.
The joint advisory warns that organisations should take measures to safeguard themselves as these kinds of attacks, which are backed by North Korea, are likely to escalate.
Paul Chichester, NCSC director of operations, stated: “In an increasingly digital and interconnected world, software supply chain attacks can have profound, far-reaching consequences for impacted organisations.
"Today, with our partners in the Republic of Korea, we have issued a warning about the growing threat from DPRK (North Korea) state-linked cyber actors carrying out such attacks with increasing sophistication.
“We strongly encourage organisations to follow the mitigative actions in the advisory to improve their resilience to supply chain attacks and reduce the risk of compromise.”
President Yoon Suk Yeol of South Korea is currently on a state visit to the UK. This joint advisory marks the first time the NCSC has issued a warning of this nature without collaboration from other Five Eyes agencies in Australia, Canada, New Zealand, and the US.
This is not the first instance that hackers have targeted their enemies. In 2017, North Korea launched a cyberattack on global hospitals, businesses, and banks. And in 2014, its hackers reportedly targeted Sony Pictures in retaliation for a satirical film about their leader, Kim Jong Un.