3CX hack caused by trading software supply chain attack
An investigation into last month's 3CX supply chain attack discovered that it was caused by another supply chain compromise where suspected North Korean attackers breached the site of stock trading automation company Trading Technologies to push trojanized software builds.
According to Mandiant, the cybersecurity firm that helped 3CX investigate the incident, the threat group used harvested credentials to move laterally through 3CX's network, eventually breaching both the Windows and macOS build environments.
On March 29, 3CX acknowledged that its Electron-based desktop client, 3CXDesktopApp, had been compromised to distribute malware, one day after news of a supply chain attack surfaced.
It took 3CX more than a week to react to customer reports that its software had been identified as malicious by several cybersecurity companies, including CrowdStrike, ESET, Palo Alto Networks, SentinelOne, and SonicWall.
In response to 3CX's disclosure, a team of security researchers created a web-based tool to assist the company's customers in determining whether their IP address was potentially impacted by the March 2023 supply chain attack.
"The identified software supply chain compromise is the first we are aware of which has led to an additional software supply chain compromise," Mandiant said.