北韓駭客再找供應鏈開刀,安全身分驗證軟體MagicLine4NX遭駭
· 2023-11-27
英國與南韓警告北韓駭客利用南韓身分驗證軟體MagicLine4NX的零時差漏洞,作為攻擊特定目標的跳板
/ROK-UK Joint Cyber Security Advisory
在此一攻擊行動中,駭客先是透過水坑攻擊過濾了受害者,接著再針對特定目標執行額外的攻擊行動,攻陷了第一個供應鏈產品的零時差漏洞之後,再感染第二個供應鏈產品,利用連網系統的零時差漏洞與合法功能入侵內部網路。
另一個也被NCSC與NIS歸類為出自北韓駭客之手的,是3CX所打造的桌面程式Electron,駭客在今年3月於Electron的更新程式中植入了惡意程式,手法類似訊連科技遭駭的過程。
NCSC與NIS建議,各大組織都應安裝所有軟體的安全更新,採用雙因素身分驗證,亦應監控網路基礎設施以觀察可疑流量,以防範相關攻擊。
熱門文章
1spin4win grows its Latin American presence by partnering with Fortuna Juegos
Online Game
Brazil Proposes Raising Gambling Tax Rate to 24%, With Revenue Allocated to Social Security and Healthcare
Regulation
JILI Partners with Cricket Legend AB de Villiers (ABD) to Launch Exclusive Branded Game Series 100% 11
Sports Game
Full House at GAT Expo Cartagena 2026 Academic Agenda
Online Game
1spin4win releases unique slot Don Catleone Hold and Win featuring gangster cats
Online Game
Online gambling, crypto pose ongoing money laundering risks in Philippines, analyst says
Southeast Asia
Indiana online casino bill stalls in House committee
Regulation
PropellerAds Shared a New iGaming Case Study: 97,674 Installs and 12,701 Deposits in 3 Months
Marketing
B2B Tech Infrastructure Gains Momentum in Philippine Gaming Sector
Southeast Asia
Are you ready to maximize your earnings? Try ProPush.me Constructor!
Marketing
GAT Expo Puerto Rico Will Pulse with the New Era of Gaming in the Caribbean
Marketing
British gambling levy rates confirmed for each vertical
Regulation
Vietnam's tightening online gaming policy creates new market opportunities
Southeast Asia
Across 6 Cities: HUIDU Invites You to 8 World Cup Parties Redefining High-Value Social Networking
HUIDU Focus
Kazakhstan plans to penalise online casino promotions
Regulation
