top of page
  • Clipeus

Lazarus Exploited MagicLine4NX Vulnerability In Supply Chain Attacks

On 23 November 2023, the United Kingdom's National Cyber Security Centre (NCSC) and South Korea's National Intelligence Service (NIS) released a joint advisory that reconstructed a series of attacks observed since March 2023. The events were attributed to the Democratic People's Republic of Korea (DPRK or North Korea)-linked Lazarus Group.

The attack employed a watering hole technique, compromising a media outlet and subsequently impacting systems that ran vulnerable versions of MagicLine4NX (versions from to were vulnerable). When internet-connected, the impacted system would connect to the attacker-controlled command-and-control (C2) downloading a malicious code. The latter exfiltrated initial beacon data and downloaded and executed encrypted payloads.


Commenting has been turned off.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to with your inquiry. We would be glad to assist you

bottom of page