South Korea, UK warn of North Korea’s hacking attacks after signing new cyber agreement

South Korea, UK warn of North Korea’s hacking attacks after signing new cyber agreement
South Korean President Yoon Suk-yeol, left, and Prime Minister of the United Kingdom Rishi Sunak on November 22. The two leaders signed the Strategic Cyber Partnership at this meeting. Source: South Korean presidential office

By Dain Oh, The Readable
Nov. 23, 2023 9:00PM GMT+9 Updated Nov. 24, 2023 10:00AM GMT+9

Intelligence agencies in South Korea and the United Kingdom issued a joint cybersecurity advisory on Thursday, disclosing hacking techniques adopted by North Korea’s state-sponsored hacking groups.

On November 23, South Korea’s National Intelligence Service (NIS) and the U.K.’s Government Communications Headquarters (GCHQ) jointly published a threat report revealing that North Korea conducted a series of supply chain attacks, targeting popular software.

A supply chain attack is an attempt to break the weakest link in a software chain—in other words, the numerous components made by third-party vendors that constitute the software—through hacking. Once such an attack has succeeded, its impact can be very severe. Specifically, it opens a door that allows threat actors to leverage compromised software in order to use it as a steppingstone to cause further damage or execute future attacks.

In the advisory, the spy agencies referred to two examples: the authentication application MagicLine4NX and the remote communication software 3CX. MagicLine4NX is used by the vast majority of citizens in South Korea while 3CX has 600,000 customers globally. Threat actors exploited vulnerabilities in MagicLine4NX to penetrate South Korean institutions. Moreover, the same actors secretly inserted malicious code into 3CX’s desktop application to steal data from their targets’ web browsers.

The agencies officially confirmed that North Korean hackers were behind these supply chain attacks. They were able to execute the investigation as effectively as they did by pooling their efforts and utilizing the two nations’ security resources to complement one another.

This is the first time that the U.K. government has announced a collective security recommendation with a nation outside the multinational intelligence alliance Five Eyes, comprised of the U.K., the United States, Canada, Australia, and New Zealand. A day before the announcement, the two countries’ leaders had a bilateral summit and signed a new agreement to strengthen their cooperation in cyberspace.

South Korean President Yoon Suk-yeol, left, and Prime Minister of the United Kingdom Rishi Sunak on November 22. The two leaders signed the Strategic Cyber Partnership at this meeting. Source: South Korean presidential office

Coinciding with the 140th anniversary of the establishment of diplomatic relations, the Strategic Cyber Partnership between South Korea and the U.K. was signed during South Korean President Yoon Suk-yeol’s visit to the U.K., which took place from November 20 to November 23. On the first day of his trip, Yoon met with the U.K. Prime Minister Rishi Sunak and agreed to enter into a new partnership, the “Downing Street Accord,” which emphasizes increased technology sharing, cooperation in defense, and mutual support for regional security at sea, on land, and in cyberspace. The cyber agreement came two days after the leaders signed the Downing Street Accord.

“This agreement will serve as a bridge for building a cybersecurity cooperation network with the Five Eyes nations,” stated the South Korean presidential office in a statement on Wednesday. “It is also expected to have a positive impact on future cooperation with other friendly countries, such as Australia,” added the office.

Also according to the statement from the office of the president of South Korea, the Strategic Cyber Partnership stands on three pillars—fortifying cyber ecosystem, increasing common interests, responding to cyber threats—with all working together to enhance cyber defense cooperation and increase the two nations’ collective resilience. Based on the agreement, the two countries will open an official channel to share threat intelligence and request support against cyberattacks. The highest offices in national security of both countries will manage the partnership, while the foreign affairs ministries on both sides will provide practical support.

ohdain@thereadable.co

This article was copyedited by Arthur Gregory Willers.


Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.