Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea. The attacks use stolen certificates from two security firms, which allow Lazarus operators to corrupt a browser plug-in designed to protect users from being hacked. The software, called Wizvera VeraPort, is used by South Korean government websites and requires visitors to use a VeraPort browser plug in for identity verification. Researchers believe this is likely accomplished via tried-and-true spear-phishing attacks.
Source: https://threatpost.com/hacked-software-south-korea-supply-chain-attack/161257/