Targeting of South Korean supply chains using stolen security certificates
Date of report
  • November 2020
The North Korean threat actor Lazarus Group targeted South Korean users of WIZVERA VeraPort software, commonly used by South Korean banking and government websites, by compromising websites with VeraPort support. Using stolen security certificates, hackers installed malware onto victims’ devices when they visited the compromised websites.  
Suspected victims
  • South Korean visitors to government and banking websites
Suspected state sponsor
  • Korea (Democratic People's Republic of)
Type of incident
  • Espionage
Target category
  • Private sector
Victim government reaction
  • Unknown