"Double Supply Chain Attack Behind 3CX Hack"

TL;DR Summary
The recent supply chain attack on 3CX was caused by a previous supply chain compromise at Trading Technologies, where North Korean hackers breached the site to push trojanized software builds. The attackers used harvested credentials to move laterally through 3CX's network, eventually breaching both the Windows and macOS build environments. The malware achieved persistence through DLL side-loading via legitimate Microsoft Windows binaries, which made it harder to detect. The threat group (UNC4736) is related to the financially motivated North Korean Lazarus Group behind Operation AppleJeus.
- 3CX hack caused by trading software supply chain attack BleepingComputer
- 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible Mandiant
- Analysis | The 3CX cyberattack was the result of two supply-chain hacks, Mandiant says The Washington Post
- 3CX’s supply chain attack was caused by… another supply chain attack TechCrunch
- The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks WIRED