Lazarus Group Exploitation of MagicLine4NX Vulnerability

by Alpha Team

ZeroFox Intelligence Brief - Lazarus Group Exploitation of MagicLine4NX Vulnerability

Product Serial: B-2023-12-01c

TLP:CLEAR

In this Intelligence Brief, ZeroFox researchers discuss a joint advisory on a zero-day vulnerability in the security authentication tool MagicLine4NX.

Standing Intelligence Requirements

Deep Dark Web and Criminal Underground (DDW)

For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:

https://cloud.zerofox.com/intelligence/advisories/14956

Key Findings

  • On November 23, 2023, intelligence agencies from the United Kingdom (UK) and South Korea released a joint cybersecurity advisory highlighting recent supply chain attacks that used a zero-day vulnerability in the security authentication tool MagicLine4NX.
  • Agencies and organizations have attributed the use of this vulnerability to the North Korean-linked Advanced Persistent Threat (APT) group Lazarus, which has grown adept at leveraging zero-day vulnerabilities to conduct supply chain attacks for financial gain.
  • The vulnerability is currently tracked as CVE-2023-45797. It is a buffer overflow that allows an attacker to execute code remotely, and it affects versions 1.0.0.1 to 1.0.0.26 of the MagicLine4NX software.
  • While the most notable activity has been tracked within the past year, Lazarus Group may have been exploiting a separate vulnerability within MagicLine4NX in 2021.
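The affected version range above is the one fact in this brief a defender can turn directly into an inventory check. The following is an added example (not ZeroFox's or the advisory's code): it parses four-part MagicLine4NX version strings, flags anything in the 1.0.0.1 to 1.0.0.26 range the brief cites, and reports unparseable records as unknown rather than silently treating them as safe. The hostnames and versions in the sample inventory are constructed.

```python
import re

# Affected range as stated in the brief for CVE-2023-45797.
AFFECTED_MIN = (1, 0, 0, 1)
AFFECTED_MAX = (1, 0, 0, 26)


def parse_version(text):
    """Parse a dotted version such as '1.0.0.26' into a tuple of ints.
    Returns None unless there are exactly four numeric components, so
    malformed inventory data is surfaced instead of compared lexically."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.groups())


def is_affected(version_text):
    """True if the version falls inside the cited range, False if outside,
    None if the version string could not be parsed."""
    v = parse_version(version_text)
    if v is None:
        return None
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def triage_inventory(lines):
    """Classify 'hostname,version' records into affected/unaffected/unknown."""
    result = {"affected": [], "unaffected": [], "unknown": []}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and header comments
        host, _, version = line.partition(",")
        verdict = is_affected(version)
        if verdict is None:
            result["unknown"].append(host)
        elif verdict:
            result["affected"].append(host)
        else:
            result["unaffected"].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    "# host,MagicLine4NX version",
    "ws-finance-01,1.0.0.26",  # last version in the affected range
    "ws-finance-02,1.0.0.27",  # one past the range
    "ws-hr-03,1.0.0.1",        # first version in the affected range
    "ws-lab-04,1.0.0",         # malformed: only three components
    "ws-dev-05,1.0.1.0",
]

if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

The brief states only the affected range, not the fixed release, so confirm the patched version against the vendor's advisory before treating hosts above 1.0.0.26 as remediated.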

Tags: tlp:clear, threat actor, vulnerability/exploit