Security News > 2023 > April > Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach

Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X TRADER application.

The new findings, which come courtesy of Symantec's Threat Hunter Team, confirm earlier suspicions that the X TRADER application compromise affected more organizations than 3CX. The names of the organizations were not revealed.

The development comes as Mandiant disclosed that the compromise of the 3CX desktop application software last month was facilitated by another software supply chain breach targeting X TRADER in 2022, which an employee downloaded to their personal computer.

Mandiant's investigation has revealed that the backdoor injected into the corrupted X TRADER app allowed the adversary to gain access to the employee's computer and siphon their credentials, which were then used it to breach 3CX's network, move laterally, and compromise the Windows and macOS build environments to insert malicious code.

ESET, in an analysis of a disparate Lazarus Group campaign, disclosed a new piece of Linux-based malware called SimplexTea that shares the same network infrastructure identified as used by UNC4736, further expanding on existing evidence that the 3CX hack was orchestrated by North Korean threat actors.

The compromise of the X TRADER application further alludes to the attackers' financial motivations.

News URL

https://thehackernews.com/2023/04/lazarus-xtrader-hack-impacts-critical.html