3CX hack caused by trading software supply chain attack
2023-04-20 12:00

An investigation into last month's 3CX supply chain attack discovered that it was caused by another supply chain compromise, in which suspected North Korean attackers breached the site of stock trading automation company Trading Technologies to push trojanized software builds.

According to Mandiant, the cybersecurity firm that helped 3CX investigate the incident, the threat group used harvested credentials to move laterally through 3CX's network, eventually breaching both the Windows and macOS build environments.

On March 29, 3CX acknowledged that its Electron-based desktop client, 3CXDesktopApp, had been compromised to distribute malware, one day after news of a supply chain attack surfaced.

It took 3CX more than a week to react to customer reports that its software had been identified as malicious by several cybersecurity companies, including CrowdStrike, ESET, Palo Alto Networks, SentinelOne, and SonicWall.

In response to 3CX's disclosure, a team of security researchers created a web-based tool to assist the company's customers in determining whether their IP address was potentially impacted by the March 2023 supply chain attack.

"The identified software supply chain compromise is the first we are aware of which has led to an additional software supply chain compromise," Mandiant said.


News URL

https://www.bleepingcomputer.com/news/security/3cx-hack-caused-by-trading-software-supply-chain-attack/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
3CX 6 0 16 8 6 30