
3CX Supply Chain Attack: North Korean Hackers Likely Targeted Cryptocurrency Firms

New details have been revealed about the recent 3CX supply chain attack, indicating that it was orchestrated by hackers from North Korea with the aim of targeting cryptocurrency companies.

Cybersecurity firm Kaspersky has conducted its own analysis of the incident and found links to attacks observed by the company back in 2020. Those attacks involved a backdoor dubbed Gopuram, which had been spotted on systems belonging to a Southeast Asian cryptocurrency firm. Gopuram was present at the time on compromised devices alongside AppleJeus, malware linked to North Korea’s Lazarus group.

Kaspersky has seen only a few Gopuram infections since 2020, but there was a surge in March 2023, and analysis revealed that the surge was a result of the 3CX supply chain attack. The hackers behind the 3CX attack likely delivered the Gopuram malware only to victims they deemed of interest.

According to Kaspersky, Gopuram was deployed on fewer than 10 devices as part of the 3CX attack, mainly belonging to cryptocurrency companies, which suggests that the operation was aimed at this sector. North Korean government-backed hackers have been known to steal significant amounts of cryptocurrency to fund their operations, and this attack appears to be part of those efforts.

The goal of the attack was likely to identify victims of interest to which additional payloads, such as the Gopuram malware, would be delivered. It’s believed that the operation was detected in its initial stages, before it reached the magnitude of the SolarWinds incident.

3CX, whose initial response to the breach was criticized by many for being slow, is still investigating the attack, with the aid of Mandiant. The company has advised users to uninstall its desktop applications and instead rely on the PWA web client.

In conclusion, the recent 3CX supply chain attack was orchestrated by North Korean hackers with the goal of targeting cryptocurrency companies. The hackers likely delivered the Gopuram malware to victims of interest, in order to steal significant amounts of cryptocurrency. The goal was to identify victims to which additional payloads would be delivered and it appears the operation was detected in its initial stages. 3CX is still investigating the attack, with the aid of Mandiant, and has advised users to uninstall its desktop applications and instead rely on the PWA web client.

Key Points:

  • The 3CX supply chain attack was orchestrated by North Korean hackers.
  • The goal was to target cryptocurrency companies and steal significant amounts of cryptocurrency.
  • The attackers likely delivered the Gopuram malware to victims of interest.
  • The operation was detected in its initial stages.
  • 3CX is still investigating the attack with the aid of Mandiant.
  • 3CX has advised users to uninstall its desktop applications and instead rely on the PWA web client.
