This article is a Joint Cybersecurity Advisory published by the National Intelligence Service (NIS) of the Republic of Korea and the Bundesamt für Verfassungsschutz (BfV) of the Federal Republic of Germany. The authors focus specifically on the tactics, techniques and procedures (TTPs) of cyber actors attributed to North Korea who target the defense sector. Two case studies are used to explain how the threat actors have utilized supply-chain and social engineering attacks to infiltrate different organizations. In the first, a supply-chain attack utilized the research center’s web server maintenance company to gain remote access to the server and download software, an action which allowed for the extraction of credentials and sensitive files. Even after the remote access was blocked, the threat actor maintained the attack through the downloaded software and phishing campaigns. The article concludes that scrutiny of maintenance services should be prioritized in an increasingly remote market. The second case study, Operation Dream Job, is a social engineering attack carried out by LAZARUS. The threat actor would create a fake profile on a job posting and offer jobs to employees at their target companies. They would then offer the employee a job and send malware-infused PDFs and job links. The article recommends that companies maintain clear access and privilege limitations for sensitive information and user permissions.
Author:
National Intelligence Service of the Republic of Korea and Bundesamt für Verfassungsschutz of the Federal Republic of Germany