Top 5 This Week

Related Posts

Lazarus Group’s Advanced Supply-Chain Cyberattacks

Getting your Trinity Audio player ready...


Exploiting Zero-Day Vulnerabilities: Lazarus Group’s Advanced Supply-Chain Cyberattacks

The UK’s National Cyber Security Centre (NCSC) and South Korea’s National Intelligence Service (NIS) have issued a critical warning about the North Korean Lazarus hacking group. This notorious group is reportedly conducting sophisticated supply-chain attacks by exploiting a zero-day vulnerability – A Buffer overflow vulnerability (CVE-2023-45797) in MagicLine4NX, a widely used security authentication software developed by South Korean firm Dream Security.

These attacks primarily target South Korean institutions and leverage the zero-day flaw to gain unauthorized access to internal networks. The advisory details that in March 2023, cyber actors successfully accessed the intranet of a target organization by exploiting vulnerabilities in both the MagicLine4NX program and a network-linked system.

The attack commenced with the compromise of a media website, embedding malicious scripts into an article, leading to a ‘watering hole’ attack. Victims from designated IP ranges, upon accessing the article, unknowingly triggered the vulnerability in MagicLine4NX, versions before

This initiated a connection to the attacker’s command and control (C2) server, facilitating unauthorized access to an internet-connected server. The attackers then utilized a data synchronization function to disseminate information-stealing code to the internal business server, effectively breaching the organizational PCs.

The malware deployed includes capabilities for reconnaissance, data exfiltration, downloading, executing encrypted payloads, and lateral movement within the network. The attack, codenamed ‘Dream Magic’, is attributed to the Lazarus group and is thoroughly detailed in an AhnLab report (Korean).

Notably, Lazarus’s operations often involve complex supply-chain attacks and zero-day exploit utilization. In March 2023, the subgroup “Labyrinth Chollima” attacked VoIP software maker 3CX, compromising several global entities. Additionally, Microsoft recently uncovered a CyberLink supply-chain attack distributing trojanized installers by Lazarus to infect systems with ‘LambLoad’ malware.

These strategically targeted attacks, aimed at espionage, financial fraud, or cryptocurrency theft, are reportedly used to fund North Korea’s state operations. The Cybersecurity Advisory (CSA) highlights the significance of these operations in supporting DPRK’s national objectives, including cyber activities against US and South Korean government networks.

Cogeanu Marius
Cogeanu Marius
Marius Cogeanu is a distinguished IT consultant and cybersecurity virtuoso based in Prague, Czechia. With a rich 20-year journey in the IT realm, Marius has carved a niche in network security and technological solutions, adeptly harmonizing tech with business requirements. His experience spans from Kyndryl to IBM, and as a valued independent consultant, where he's renowned for his innovative approaches in enhancing business operations with cutting-edge tech.Marius's forte lies in demystifying complex IT concepts, ensuring clarity and alignment for stakeholders at all levels. His commitment to staying at the forefront of industry trends and seeking innovative solutions cements his status as a go-to expert in cybersecurity. Driven by a fervent passion for technology and its potential to revolutionize businesses, Marius thrives on tackling challenging ventures, applying his prowess in network design, IT service management, and strategic planning.Currently, Marius is focused on leading-edge IT project management, infrastructure design, and fortifying cybersecurity, guiding clients through the intricate digital landscape with unmatched expertise and insight.Discover more on


Please enter your comment!
Please enter your name here

Popular Articles