According to a Symantec report, the hacking group responsible for the supply chain attack targeting VoIP company 3CX also breached two critical infrastructure organizations in the energy sector and two commercial financial organizations using the trojanized application X_TRADER.
Among the two critical infrastructure organizations affected, one is in the US and the other is in Europe, Symantec told Bleeping Computer.
The report of other organizations that have also been breached comes a day after Mandiant revealed that the X_TRADER trojanized application was the cause of the 3CX breach.
“The attackers behind these breaches clearly have a successful template for software supply chain attacks, and further similar attacks cannot be ruled out,” Symantec said in its report.
Last month, several security researchers reported that the 3CX desktop application contained malware. The company confirmed the same and released an update for the desktop app.
Attacks attributed to the Lazarus group
Based on the methodology, Mandiant has attributed the attacks to the North Korean hacking group Lazarus. Symantec also agrees that the attackers appear to be linked to North Korea.
“The attack on the X_Trader (X_TRADER) supply chain appears likely to be financially motivated, as Trading Technologies, the developer of X_Trader (X_TRADER), facilitates the trading of futures, including energy futures,” Symantec said in the report, adding that North Korean state-sponsored actors are known to engage in both espionage and financially motivated attacks.
“It cannot be ruled out that strategically important organizations breached during a financial campaign are targeted for further exploitation,” Symantec said.
Initiated by a prior supply chain compromise
According to Mandiant, the 3CX supply chain compromise was carried out after hackers gained access to the company’s network and systems as a result of a different software supply chain attack, one that involved a third-party application for futures trading.
Hackers gained access to 3CX’s network after one of the company’s employees installed a futures trading platform called Trading Technologies’ X_TRADER on his personal computer in 2022.
This software had been trojanized with a backdoor as part of a separate attack on the software supply chain. The X_TRADER software was discontinued in 2020, but was still available for download from the company’s website in 2022.
This is the first known case of one software supply chain compromise leading to a cascading software supply chain compromise, Mandiant said in the report. The attackers were able to move laterally into the 3CX network and inject malicious libraries into the Windows and macOS versions of the desktop application.
Malware downloader and information stealer deployed in trojanized version
The trojanized version of the 3CX desktop app first deployed an intermediate malware downloader that reached out to a GitHub repository to obtain command-and-control addresses hidden inside icon files, Mandiant said in its report.
The downloader then contacted the command-and-control server and deployed an information stealer that collects application configuration data and browser history. Mandiant had been hired by 3CX to investigate the incident.
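The report states that the downloader pulled its command-and-control addresses from icon files hosted in a GitHub repository. A defender's first question is how to tell an ordinary .ico file from one that carries a hidden payload. The script below is an added example, not code from Mandiant, Symantec or 3CX: it parses the ICO directory, computes where the last declared image ends, and flags any bytes after that point. The ICO layout (6-byte header, 16-byte directory entries) is the documented Windows format; the "looks like base64" heuristic and the sample files it is run on are constructed for illustration, since the page does not say how the addresses were encoded.

```python
import struct
import base64
import re

# --- Constructed sample data (not a real 3CX artifact) -------------------
# Builds a minimal single-image ICO: header + one directory entry + image
# bytes, optionally followed by arbitrary trailing bytes.
def build_ico(image_bytes: bytes, trailer: bytes = b"") -> bytes:
    header = struct.pack("<HHH", 0, 1, 1)                      # reserved, type=1 (icon), count=1
    entry = struct.pack("<BBBBHHII", 1, 1, 0, 0, 1, 32,        # 1x1 px, 32 bpp
                        len(image_bytes), 6 + 16)              # size, offset of image data
    return header + entry + image_bytes + trailer

# --- Detection logic -----------------------------------------------------
def ico_declared_end(data: bytes) -> int:
    """Return the offset just past the last image declared in the ICO directory."""
    if len(data) < 6:
        raise ValueError("too short for an ICO header")
    reserved, ico_type, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or ico_type not in (1, 2):                # 1 = icon, 2 = cursor
        raise ValueError("not an ICO/CUR header")
    end = 6 + 16 * count
    for i in range(count):
        off = 6 + 16 * i
        if off + 16 > len(data):
            raise ValueError("truncated ICO directory")
        (_w, _h, _colors, _res, _planes, _bpp,
         size, offset) = struct.unpack_from("<BBBBHHII", data, off)
        end = max(end, offset + size)
    return end

def trailing_bytes(data: bytes) -> bytes:
    """Bytes that sit after every declared image; a clean ICO has none."""
    return data[ico_declared_end(data):]

# Heuristic (assumption for this example): a trailer made only of base64
# characters, padded to a multiple of 4, is worth a closer look.
B64_RE = re.compile(rb"^[A-Za-z0-9+/=]+$")

def inspect_ico(data: bytes) -> dict:
    trailer = trailing_bytes(data).strip()
    looks_b64 = bool(trailer) and bool(B64_RE.match(trailer)) and len(trailer) % 4 == 0
    return {
        "trailing_len": len(trailer),
        "looks_base64": looks_b64,
        "suspicious": len(trailer) > 0,
    }

if __name__ == "__main__":
    img = b"\x00" * 48                                          # placeholder image bytes
    clean = build_ico(img)
    stuffed = build_ico(img, base64.b64encode(b"constructed-sample-payload"))
    print("clean:  ", inspect_ico(clean))
    print("stuffed:", inspect_ico(stuffed))
```

Run it over a directory of icon files fetched from a repository you are reviewing and triage anything where `suspicious` is true; a trailing blob is not proof of malice (some build tools append metadata), but it is the cheap, high-signal check this report motivates.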
Copyright © 2023 IDG Communications, Inc.
A recent breach into 3CX, a U.K.-based videogame and streaming platform, has opened the door to more than just gamer accounts. According to a recent report, the hackers responsible for this breach also have access to U.S. critical infrastructure.
Ikaroa, a leading full stack tech company, has been monitoring the situation and is doing its part to help assess the potential damage and prevent further risks. Ikaroa cybersecurity specialists believe the hackers have accessed 3CX data such as email addresses and passwords, as well as customer and system information.
Given the nature of the breach and the information that may have been leaked, Ikaroa’s team is aware that the breach could be much more damaging than originally thought. Due to the possibility that the hackers have infiltrated the U.S. critical infrastructure, Ikaroa and other specialist cybersecurity experts are focused on mitigation and recovery strategies.
Ikaroa is committed to helping protect companies, and their customers, from a range of cybersecurity threats. The company is dedicated to ensuring customer data remains secure and protected from any potential intruders. In addition to providing services to mitigate attacks, the company also offers guidance and advice on how companies can be proactive in maintaining their security.
Ikaroa puts customers first and is continuously investing in its technology and people to ensure the best possible customer experience and security. The 3CX breach is yet another example of how cyber criminals are able to exploit and target vulnerable companies, and it is yet another reminder of the need for constant vigilance. Customers must remain cautious of any suspicious activity and must ensure they have the latest security measures in place.
Ikaroa is ready to support any business that may have been impacted by the hackers behind the 3CX breach and will continue to provide its best services and expertise to all its customers. For more information and tips on staying safe online, visit Ikaroa’s website.