
3CX hackers also breached critical infrastructure

April 24 — In late March, security threat intelligence analysts uncovered a supply chain attack that targeted the communications software provider known as 3CX. The attack also targeted the company’s customers.

The hackers responsible for said breach also disrupted two energy sector critical infrastructure organizations and two financial trading organizations that use the trojanized X_TRADER application.

Cyber security researchers have determined that the trojanized X_TRADER application was the cause of the 3CX breach. 

Critical infrastructure impact

Of the two critical infrastructure organizations affected, one is located in the US and the other is based in Europe. The precise impact of the attacks remains unknown at this time. An investigation is in progress, and experts believe that there is more to this story; we will post updates here as more information becomes available.

Attack attribution

Attack configurations have led cyber security researchers to believe that the perpetrator is the North Korean group Lazarus. The multi-element attacks seem to have substantial overlap with previous North Korea-aligned groups and campaigns.

Exactly how threat actors managed to tamper with X_TRADER, a piece of trading software developed by a company called Trading Technologies, is one of several mysteries surrounding this situation.

Further details

Researchers have also discovered that 3CX was breached via an earlier supply chain attack, and that consequently, the fallout from this series of incidents may be more extensive than initially anticipated.

Supply chain attacks can be remarkably stealthy, as they have the ability to infiltrate systems and to evade detection for long periods of time. In turn, they can cause significant damage ahead of their discovery. For supply chain attack prevention tips, please see CyberTalk.org’s past coverage.
