South Korea’s National Intelligence Service (NIS) has recently detected advanced hacking attempts by North Korean cyber groups targeting critical government agencies and high-tech enterprises to steal confidential data and core technologies. In response, the NIS has urged affected industries to strengthen their cybersecurity measures.
According to a press release on Tuesday, North Korean hacking groups primarily use three key attack methods to infiltrate software supply chains: breaching IT service providers to bypass security measures of government agencies and corporations, exploiting vulnerabilities in IT solutions and software, and taking advantage of security mismanagement in organizations and businesses. These tactics enable unauthorized access to sensitive information, resulting in major security breaches.
A notable example of this attack methodology occurred in October 2024 when a North Korean cyber group hacked the email account of an employee at Company A, an IT maintenance provider for a local government network. The attackers extracted stored login credentials from the email and used them to gain unauthorized remote access to the local government’s network management server. Their goal was to steal administrative documents, but the intrusion was detected and blocked before data could be exfiltrated.
In January 2025, a similar incident occurred when hackers exploited a security lapse at Company B, an IT infrastructure maintenance firm. The company delivered a Network-Attached Storage (NAS) device to a client but failed to change the default administrator password. This oversight allowed attackers to gain unauthorized access to the client’s storage system and attempt to steal sensitive blueprints. However, timely intervention prevented the compromise of any core technology, according to the NIS.
Another common tactic is exploiting vulnerabilities in IT solutions and software. A single breach in a widely used system can expose vast amounts of internal data. In January 2025, a North Korean hacking group attempted to infiltrate Company C, a biopharmaceutical firm, by targeting its centralized document management system. Their objective was to steal research and development data, but the attack was stopped before any information was compromised.
A similar attack took place in February 2025, when hackers exploited a vulnerability in the groupware system used by Company D, a defense subcontractor. They installed malware to monitor employee emails and extract internal network diagrams. However, routine cybersecurity checks detected the breach in time, preventing any data loss.
In addition to exploiting software vulnerabilities, these cyber groups take advantage of poor security management within organizations. Weak passwords, lax security protocols, and employees unknowingly opening phishing emails create easy entry points for attackers.
In February 2025, hackers targeted Company E, a mobile identity verification service provider, after an administrative web page was left exposed online without proper access restrictions. Using open-source security search engines, they identified and analyzed the vulnerability in an attempt to extract subscriber data from the database. However, security teams detected the intrusion and blocked it before any data was compromised.
That same month, hackers targeted Company F, a cybersecurity solutions provider, and stole its software code-signing certificate. They attempted to use the certificate to distribute malware disguised as legitimate security software, so that it would bypass antivirus defenses. However, the fraudulent software was detected early, preventing widespread distribution.
As North Korean cyber groups refine their attack methods to infiltrate critical systems, the NIS has urged organizations to take proactive steps to mitigate the risks of software supply chain attacks. These measures include strengthening IT service provider security by enforcing stricter protocols, enhancing employee cybersecurity training, and blocking unauthorized external access. Additionally, applying timely security updates, restricting remote administrative access, and conducting regular vulnerability assessments can prevent attackers from exploiting software weaknesses. Internal security management should also be reinforced with strong password policies, regular security audits, and ongoing employee education on cybersecurity threats.
Yoon Oh-jun, the Third Deputy Director of the NIS, emphasized that software supply chain attacks can have far-reaching consequences, impacting both IT providers and end users. He stated that the government is committed to strengthening supply chain security through the Joint Government Task Force on Supply Chain Security, launched last September. By 2027, the government aims to institutionalize a comprehensive software supply chain security framework to enhance national cybersecurity resilience.
The NIS has shared detailed threat intelligence and security advisories via the National Cyber Security Center website and the Cyber Threat Intelligence Sharing System (KCTI).
Editor’s note: This article was initially written by ChatGPT-4o based on the author’s specific instructions, which included news judgment, fact-checking, and thorough editing before publication.