The UK’s National Cyber Security Centre (NCSC) and the Republic of Korea’s National Intelligence Service have issued a Joint Advisory Warning that the Democratic People’s Republic of Korea (DPRK) are increasingly targeting software supply chain products to attack organisations worldwide.
The joint advisory explains how the DPRK cyber actors carry out these attacks and outlines the broader motives around state priorities, such as revenue generation, espionage and the theft of advanced technologies. The joint advisory outlines the techniques and tactics being used, with examples of recent attacks. The advisory outlines recommended mitigation measures that organisations can take to protect themselves, with particular reference to the NCSC’s supply chain security guidance.
The Joint Advisory follows the launch of a new Strategic Cyber Partnership between the UK and the Republic of Korea, where both nations have agreed a landmark accord to collaborate and tackle mutual cyber threats.