South Korea’s National Intelligence Service (NIS) shared trends of North Korea’s cyber threat and cases with the country’s information security industry. North Korea recently shifted its strategy by not directly attacking target institutions and instead focusing on security solution developers and updating servers to spread malware.
South Korea’s NIS held a briefing on these matters at the Pangyo Enterprise Support Hub in Seongnam, Gyeonggi on June 17 with members of the Korea Information Security Industry Association (KISIA) in attendance. The NIS explained that North Korea’s hacking attacks, aimed at South Korea’s security products, are on the rise. They introduced new cases of software supply chain attacks that indicate North Korea steals source codes through security company servers and then uses them for attacks.
They also provided guidance on measures to prevent infringement incidents, response procedures, and methods of managing certified products. South Korea’s NIS urged the industry to actively cooperate not only in the safety of security products but also in strengthening the security of the software (SW) supply chain.
The head of the National Cyber Security Center emphasized, “As North Korea’s cyber attack techniques become more sophisticated, software supply chain attacks that infiltrate not only private companies but also national institutions and key infrastructure are expanding. Prioritizing the first line of defense in cyber security, security companies must develop and distribute reliable security solutions.”