Intelligence agencies in South Korea and the United Kingdom issued a joint cybersecurity advisory on Thursday, disclosing hacking techniques adopted by North Korea’s state-sponsored hacking groups.
On November 23, South Korea’s National Intelligence Service (NIS) and the U.K.’s Government Communications Headquarters (GCHQ) jointly published a threat report revealing that North Korea conducted a series of supply chain attacks, targeting popular software.
A supply chain attack is an attempt to break the weakest link in a software chain—in other words, the numerous components made by third-party vendors that constitute the software—through hacking. Once such an attack has succeeded, its impact can be very severe. Specifically, it opens a door that allows threat actors to leverage compromised software in order to use it as a steppingstone to cause further damage or execute future attacks.
In the advisory, the spy agencies referred to two examples: the authentication application MagicLine4NX and the remote communication software 3CX. MagicLine4NX is used by the vast majority of citizens in South Korea while 3CX has 600,000 customers globally. Threat actors exploited vulnerabilities in MagicLine4NX to penetrate South Korean institutions. Moreover, the same actors secretly inserted malicious code into 3CX’s desktop application to steal data from their targets’ web browsers.
The agencies officially confirmed that North Korean hackers were behind these supply chain attacks. They were able to execute the investigation as effectively as they did by pooling their efforts and utilizing the two nations’ security resources to complement one another.
This is the first time that the U.K. government has announced a collective security recommendation with a nation outside the multinational intelligence alliance Five Eyes, comprised of the U.K., the United States, Canada, Australia, and New Zealand. A day before the announcement, the two countries’ leaders had a bilateral summit and signed a new agreement to strengthen their cooperation in cyberspace.
Coinciding with the 140th anniversary of the establishment of diplomatic relations, the Strategic Cyber Partnership between South Korea and the U.K. was signed during South Korean President Yoon Suk-yeol’s visit to the U.K., which took place from November 20 to November 23. On the first day of his trip, Yoon met with the U.K. Prime Minister Rishi Sunak and agreed to enter into a new partnership, the “Downing Street Accord,” which emphasizes increased technology sharing, cooperation in defense, and mutual support for regional security at sea, on land, and in cyberspace. The cyber agreement came two days after the leaders signed the Downing Street Accord.
“This agreement will serve as a bridge for building a cybersecurity cooperation network with the Five Eyes nations,” stated the South Korean presidential office in a statement on Wednesday. “It is also expected to have a positive impact on future cooperation with other friendly countries, such as Australia,” added the office.
Also according to the statement from the office of the president of South Korea, the Strategic Cyber Partnership stands on three pillars—fortifying cyber ecosystem, increasing common interests, responding to cyber threats—with all working together to enhance cyber defense cooperation and increase the two nations’ collective resilience. Based on the agreement, the two countries will open an official channel to share threat intelligence and request support against cyberattacks. The highest offices in national security of both countries will manage the partnership, while the foreign affairs ministries on both sides will provide practical support.
