The National Intelligence Service (NIS), in collaboration with the UK's Government Communications Headquarters (GCHQ), released its first joint 'Cyber Security Advisory' on Thursday.
This is the first time UK has collaborated with a country outside of the Five Eyes intelligence alliance (US, UK, Canada, Australia, and New Zealand).
The two nations' cyber security and intelligence agencies announced that they have identified a North Korean hacking group's modus operandi targeting general purpose software supply chain products.
"The issuance of the security advisory with the UK cyber security agency reveals the strong commitment of both countries in deterring cyber threats posed by North Korea," said Kim Kyu-hyun, head of the NIS. "We will continue to do our best to prevent and block any international cyber security threats."
According to the two agencies, the North Korean hacking group utilized a watering-hole method to hack into a website and gain access to an institution's Internet PC. A watering hole attack is a form of cyberattack that targets groups of users by infecting websites that they commonly visit.
The group then took advantage of security authentication software and network connection system vulnerabilities to access the internal network and steal data. It also targeted the 3CX Desktop App, a video communication software which is widely used by 600,000 companies and organizations in fields such as aerospace and healthcare.
The North Korean hacking group hid malware in the 3CX installer. As a result, many customers who visited the official 3CX website were infected. The malware remained dormant for at least seven days before being activated, during which time it stole the victims' 3CX account information as well as their web browser data.
The agencies said they are currently responding through 3CX software updates and urged users to update their antivirus software to prevent similar incidents.
They also requested the implementation of preventive measures, including updating MagicLine4NX, a security authentication software used by tens of millions of people in Korea, and verifying unauthorized services and communications of network separation equipment.
This article was originally published on Nov. 23, 2023.