Security News > 2023 > April > 3CX confirms North Korean hackers behind supply chain attack
VoIP communications company 3CX confirmed today that a North Korean hacking group was behind last month's supply chain attack.
"Based on the Mandiant investigation into the 3CX intrusion and supply chain attack thus far, they attribute the activity to a cluster named UNC4736. Mandiant assesses with high confidence that UNC4736 has a North Korean nexus," 3CX CISO Pierre Jourdan said today.
3CX is yet to disclose how the supply chain attack was conducted in the first place, whether its development environment was compromised or through some other method.
Since the attack was first disclosed, Kaspersky also discovered that a backdoor known as Gopuram, used by the North Korean-backed Lazarus hacking group against cryptocurrency companies since at least 2020, was also dropped as a second-stage payload in the same incident onto the compromised devices of a limited number of 3CX customers.
3CX first confirmed its 3CXDesktopApp Electron-based desktop client was compromised in a supply chain attack to deploy malware one day after news of the attack surfaced on March 29 and over a week after customers began reporting the software was being tagged as malicious by security solutions from SentinelOne, CrowdStrike, ESET, Palo Alto Networks, and SonicWall.
Security researchers have also created a web-based tool to help 3CX users find out if the March 2023 supply chain attack has potentially impacted their IP address.
News URL
Related news
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access (source)
- Silk Typhoon hackers now target IT supply chains to breach networks (source)
- Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- North Korean Lazarus hackers infect hundreds via npm packages (source)
- GitHub supply chain attack spills secrets from 23,000 projects (source)
- Supply chain attack on popular GitHub Action exposes CI/CD secrets (source)