Lazarus Group Exploits MagicLine4NX Flaw to Launch Supply Chain Attacks

27-Nov-23

A joint study from the NCSC and the National Intelligence Service (NIS) of Korea alerts enterprises to new supply chain attacks that exploit a zero-day vulnerability in MagicLine4NX software. The attacks, tracked under the codename Operation Dream Magic, are attributed to the Lazarus threat group, which is based in North Korea.



According to the research, threat actors are using the vulnerability to target enterprises all across the world, with a focus on those in South Korea. Versions of MagicLine4NX earlier than 1.0.026 are affected by the bug. The attack starts with a watering hole tactic: the attackers breach a media outlet's website and insert malicious code into an article. The scripts are designed to target visitors from specific IP ranges.
