Critical Infrastructure Organizations Further Affected in 3CX Breach
As investigations continue, researchers find confirmation in their suspicions of a sprawling attack affecting multiple organizations.
Just a month after the North Korea-linked APT hacker group known as Lazarus targeted 3CX in a supply chain attack, Symantec's researchers have found that two infrastructure organizations as well as two businesses involved in financial trading were affected in the same attack.
The initial compromise that affected 3CX — also known as the X-Trader software supply chain attack and first discovered by Mandiant researchers — was a supply chain compromise that "spread malware via a Trojanized version of 3CX's legitimate software that was available to download from their website." This breach caused customers to download malicious versions of the company's video-calling software.
As the investigation unfolds with new information, the names of the two critical infrastructure organizations affected have not been revealed, but they are in the power and energy sector, in the US and Europe, respectively. The attack seems to be financially motivated; while North Korea-sponsored threat actors engage in cyber espionage, they also go after funds for the regime.
If important organizations are being targeted now, it could lead to further exploitation in the future, researchers are warning.
"The impact from these infections is unknown at this time — more investigation is required and is on-going," said Eric Chien, director of security response at Symantec, after stating that the attacks occurred between September and November last year.
About the Author(s)
You May Also Like
Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024